Possible chosen-ciphertext attack on receiver anonymity

Werner Koch wk at gnupg.org
Sat Jul 2 14:00:10 CEST 2005

On Fri, 1 Jul 2005 22:00:17 -0700 (PDT), Brent Waters said:

> Thanks for clarifying that. The context in which I was originally
> interested in this is when there are BCC recipients on encrypted

The usual way to handle this is by sending separate mails.  Even with
key-privacy the recipients would notice that there might be a BCCed
address.  IIRC, Mutt does exactly this.

> I have been talking about this with Adam Barth and Dan Boneh. I think
> the solution is to come up with a solution to a proper definition. I
> believe it should be pretty reasonable to do both.

Fur other reasons (Mister/Zuccherato) a new way of encrypting message
is anyway planned for the future.  Adding key-privacy then won't be
that problematic.

> understanding of things over here first. I presume I should just shoot
> them an email like I did to you?




More information about the Gnupg-devel mailing list