filenames of encrypted attachments visible? How hard would it be to hide?

Ingo Klöcker ingo.kloecker at epost.de
Sat Jan 10 14:46:39 CET 2004


On Friday 09 January 2004 08:44, Adrian von Bidder wrote:
> (Hmm. kmail reported a bad signature on your mail.)

FWIW, my KMail reports a good signature. If you want to analyse the 
problem then I can send you my version of this message.

> On Tuesday 06 January 2004 08:20, Ivan Boldyrev wrote:
> > On 8614 day of my life Adrian von Bidder wrote:
> > > And the encrypted part is again a full MIME message, with
> > > attachments and all.  So the only relevant bits that go over the
> > > wire unencrypted are From/To (unavoidable to the extent of the
> > > email addresses) and the Subject (I have a proposal that could
> > > address this cooking slowly, I think I posted it in some places a
> > > few months ago).
> >
> > Have you ever received spam with fake From and To headers?  There
> > are headers and there is envelope in message, and latter is not
> > visible to user.  So, you can use fake address in headers (or do
> > not use headers at all) and real addresses in envelope (and
> > envelope is visible only to transport agents, not delivery agents).
>
> Ok, I agree I was oversimplifying it. But the gist of my message was:
> the message sender and recipient cannot be encrypted for obvious
> reasons. The envelope sender and recipients are available in the MUA,
> too, in most cases, btw:
>
> Envelope recipient:
> 	Received: from trithemius.gnupg.org (trithemius.gnupg.org
> [217.69.76.44]) by zbasel.fortytwo.ch (Postfix) with ESMTP id 347F56C
> 		for <avbidder at fortytwo.ch>; Thu,  8 Jan 2004 21:22:35 +0100 (CET)
> and the sender:
> 	Return-Path: <gnupg-users-bounces at gnupg.org>
>
> These headers are even added after the initial message submission, so
> there's nothing we could ever do with encryption.
>
> So, using empty (or fake) From: and To: header buys you nothing but
> spamassassin score.

If you are concerned about those headers then you'll have to use a 
remailer (or even a chain of remailers).

Regards,
Ingo
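
Added example, not part of the original message or written by anyone in the thread: a short Python sketch that reads the trace headers discussed above (`Return-Path` and the `for <...>` clause of `Received`) from a delivered message, showing that the envelope addresses remain visible even when `From:` and `To:` are blank or fake. The sample message, its addresses and the function name `envelope_leaks` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not from the thread): From/To are faked or blanked,
# but the receiving MTA added its trace headers at delivery time.
SAMPLE = """\
Return-Path: <alice@sender.example>
Received: from mx.sender.example (mx.sender.example [192.0.2.10])
\tby mail.rcpt.example (Postfix) with ESMTP id 0000000
\tfor <bob@rcpt.example>; Thu,  8 Jan 2004 21:22:35 +0100 (CET)
From: nobody@invalid.example
To: undisclosed-recipients:;
Subject: test

body
"""

# The optional "for <addr>" clause of a Received header carries the
# envelope recipient the MTA was delivering to.
FOR_CLAUSE = re.compile(r"\bfor\s+<([^>\s]+)>", re.IGNORECASE)


def envelope_leaks(raw):
    """Return envelope addresses recoverable from trace headers."""
    msg = message_from_string(raw)
    # Return-Path is written by the final MTA from the SMTP MAIL FROM.
    sender = parseaddr(msg.get("Return-Path", ""))[1]
    recipients = []
    for value in msg.get_all("Received", []):
        unfolded = " ".join(value.split())      # undo header folding
        clause = unfolded.rsplit(";", 1)[0]     # drop the trailing date
        for addr in FOR_CLAUSE.findall(clause):
            if addr not in recipients:
                recipients.append(addr)
    return {
        "header_from": msg.get("From", ""),
        "envelope_sender": sender,
        "envelope_recipients": recipients,
    }


if __name__ == "__main__":
    for key, value in envelope_leaks(SAMPLE).items():
        print(f"{key}: {value}")
```

The `for` clause is optional in `Received` headers, so an empty recipient list means only that no MTA recorded it, not that the envelope was hidden.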