Possible chosen-ciphertext attack on receiver anonymity
Werner Koch
wk at gnupg.org
Sat Jul 2 14:00:10 CEST 2005
On Fri, 1 Jul 2005 22:00:17 -0700 (PDT), Brent Waters said:
> Thanks for clarifying that. The context in which I was originally
> interested in this is when there are BCC recipients on encrypted
The usual way to handle this is by sending separate mails. Even with
key-privacy the recipients would notice that there might be a BCCed
address. IIRC, Mutt does exactly this.
> I have been talking about this with Adam Barth and Dan Boneh. I think
> the solution is to come up with a solution to a proper definition. I
> believe it should be pretty reasonable to do both.
Fur other reasons (Mister/Zuccherato) a new way of encrypting message
is anyway planned for the future. Adding key-privacy then won't be
that problematic.
> understanding of things over here first. I presume I should just shoot
> them an email like I did to you?
Yes.
Shalom-Salam,
Werner
More information about the Gnupg-devel
mailing list