No Hidden-Recipient support in GPGME?

David Shaw dshaw at jabberwocky.com
Mon Sep 1 16:35:34 CEST 2008


On Sep 1, 2008, at 8:27 AM, Bernhard Reiter wrote:

> On Thursday 28 August 2008 14:59, David Shaw wrote:
>> On Aug 28, 2008, at 8:26 AM, Arturo 'Buanzo' Busleiman wrote:
>>> Werner Koch wrote:
>>>> What we could add far easier is an encryption flag which sets the
>>>> --throw-keyid option of gpg and thus all recipients would be hidden.
>>>
>>> That would work too! Jacob Appelbaum and I are working on the
>>> Web-of-Trust solution to the OpenPGP for HTTP Bootstrapping issue,
>>> and we discovered that --throw-keyids would be great as a simple
>>> counter-measure against traffic analysis.
>>
>> Emphasis on 'simple', though.  Hidden keyids do work, but read
>> http://www.imc.org/ietf-openpgp/mail-archive/msg10923.html for one
>> potential gotcha and workaround.
>
> To my understanding, using a blind carbon copy on emails requires
> the email application to send out several versions of the email:
> 1) encrypted to all visible recipients
> n invisible recipients*) encrypted to all visible recipients and one
> out of n invisible.

Exactly.  This can be difficult for those mail programs that allow the
MTA to handle all addressing, since it involves sending a message to
user "b" (an encrypted + hidden user), but with "a" (an unencrypted
user) in the To: list.

David
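
Added example, not part of the original message or of GPGME: a Python sketch of the per-recipient copies described in this thread, showing that each copy needs its own SMTP envelope while the To: header stays the same. The addresses and key IDs are constructed, `plan_copies` and `bcc_exposure` are hypothetical helper names, and passing the Bcc key with gpg's `--hidden-recipient` is an assumption about how a mail client might combine the two ideas.

```python
from dataclasses import dataclass

# Constructed sample key IDs; real ones would come from the sender's keyring.
SAMPLE_KEYS = {
    "a@example.org": "0xAAAAAAAAAAAAAAAA",
    "b@example.org": "0xBBBBBBBBBBBBBBBB",
    "c@example.org": "0xCCCCCCCCCCCCCCCC",
    "d@example.org": "0xDDDDDDDDDDDDDDDD",
}

@dataclass(frozen=True)
class Copy:
    envelope_rcpts: tuple  # SMTP RCPT TO addresses for this copy only
    header_to: tuple       # To: header, identical in every copy
    gpg_argv: tuple        # gpg command line that encrypts this copy

def plan_copies(visible, bcc, keys):
    """One copy for the visible recipients, plus one copy per Bcc recipient."""
    overlap = sorted(set(visible) & set(bcc))
    if overlap:
        raise ValueError(f"both visible and Bcc: {overlap}")
    missing = [a for a in (*visible, *bcc) if a not in keys]
    if missing:
        raise KeyError(f"no key for: {missing}")
    base = ["gpg", "--armor", "--encrypt"]
    for addr in visible:
        base += ["--recipient", keys[addr]]
    # Copy 1: encrypted to the visible recipients only (skipped if there are none).
    copies = [Copy(tuple(visible), tuple(visible), tuple(base))] if visible else []
    for addr in bcc:
        # Copy per Bcc: visible keys plus this one Bcc key, key ID zeroed.
        argv = base + ["--hidden-recipient", keys[addr]]
        copies.append(Copy((addr,), tuple(visible), tuple(argv)))
    return copies

def bcc_exposure(copies, bcc, keys):
    """Return (envelope, key) pairs where a copy carries another Bcc user's key."""
    bcc_keys = {keys[a]: a for a in bcc}
    return [(c.envelope_rcpts, k) for c in copies for k in c.gpg_argv
            if k in bcc_keys and bcc_keys[k] not in c.envelope_rcpts]

if __name__ == "__main__":
    plan = plan_copies(["a@example.org", "c@example.org"],
                       ["b@example.org", "d@example.org"], SAMPLE_KEYS)
    for c in plan:
        print(c.envelope_rcpts, "To:", c.header_to)
        print("  ", " ".join(c.gpg_argv))
    print("exposure:", bcc_exposure(plan, ["b@example.org", "d@example.org"], SAMPLE_KEYS))
```

A client that hands a single message to the MTA and lets it derive the recipients from the headers cannot produce the second and later copies, which is the difficulty noted above.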


