Fwd: It's time for PGP to die.

Garreau, Alexandre galex-713 at galex-713.eu
Sun Aug 17 03:05:56 CEST 2014


On 2014-08-17 at 01:41, Nicholas Cole wrote:
> On Sun, Aug 17, 2014 at 12:08 AM, Robert J. Hansen <rjh at sixdemonbag.org> wrote:
>> OpenPGP's biggest problem, BTW, which goes *completely unmentioned* in
>> this blogpost: OpenPGP can't protect your metadata, and that turns out
>> to often be higher-value content than your emails themselves are.
>> Further, exposed metadata is inherent to SMTP, which means this problem
>> is going to be absolutely devilish to fix.
>
> That is true.  But perhaps it would be a start if email clients
> actually put the actual email (with subject and references headers
> etc.) as an attachment to a bare email that contained only the minimal
> headers for delivery.  It wouldn't be a perfect solution, but it would
> at least fix a certain amount of metadata analysis.

Well, afaik, there’s *no* MIME header which is required for delivery
(maybe the RFC says there is, but currently mail servers accept mails with
no headers at all). The headers that are needed for delivery are not the
MIME ones (the ones like “From:”, “To:”, “Date:”, “Message-Id:”,
“Subject:”, etc.) but the SMTP ones (the “MAIL FROM:” and “RCPT TO:”),
which are separate. So I think mail clients could just send a void mail
with just as much MIME information as needed to say its content is a MIME
message (“message/rfc822” MIME type I think). Then things like the
subject, the date, the message-id, the list of attached things,
etc. would be protected. That makes less metadata, but it still leaks
the most important: recipient and receiver.

So the only way is to build an asynchronous communication system based
on anonymity, like GNUnet’s doing.
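
The wrapping described in this message, sketched with Python's standard `email` package as an added example (not code from the thread): the real message travels as a “message/rfc822” part of a bare outer message, and `relay_view` lists what a relaying server still learns. Addresses, text and helper names are constructed for illustration; OpenPGP encryption of the inner part is assumed to happen separately and is not shown.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import formatdate, make_msgid


def build_inner(sender, recipient, subject, body):
    """The real message, carrying every descriptive header."""
    inner = EmailMessage(policy=policy.SMTP)
    inner["From"] = sender
    inner["To"] = recipient
    inner["Subject"] = subject
    inner["Date"] = formatdate()
    inner["Message-ID"] = make_msgid(domain="example.org")
    inner.set_content(body)
    return inner


def wrap(inner):
    """Bare outer message: no From/To/Subject/Date, only MIME framing."""
    outer = EmailMessage(policy=policy.SMTP)
    outer.set_content(inner)  # becomes Content-Type: message/rfc822
    # Assumption: an OpenPGP layer would encrypt this part before sending.
    return outer


def relay_view(outer, mail_from, rcpt_to):
    """What a relaying server still learns: envelope plus outer headers."""
    return {
        "MAIL FROM": mail_from,
        "RCPT TO": rcpt_to,
        "headers": sorted(name.lower() for name in outer.keys()),
    }


def unwrap(raw):
    """Recipient side: recover the inner message from the wire bytes."""
    outer = message_from_bytes(raw, policy=policy.default)
    if outer.get_content_type() != "message/rfc822":
        raise ValueError("not a wrapped message")
    return outer.get_payload(0)


if __name__ == "__main__":
    # Constructed sample addresses and text.
    inner = build_inner("alice@example.org", "bob@example.net",
                        "Quarterly figures", "See attached.\n")
    outer = wrap(inner)
    print(relay_view(outer, "alice@example.org", "bob@example.net"))
    print(unwrap(outer.as_bytes())["Subject"])
```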