Implications of a common private keys directory in 2.1

Andrew Gallagher andrewg at
Wed Nov 23 19:51:25 CET 2016

On 23/11/16 17:54, Carola Grunwald wrote:
> Andrew Gallagher <andrewg at> wrote:
>> If you are worried about an attacker on the wire doing statistical
>> analysis of your message sizes and patterns of use, you will
>> probably have to go the whole hog and transport over Tor. And even
>> that is no panacea.
> Not real-time Tor but remailers providing latency. You got it.

Aha, this is the subtlety I was missing. Yes, this sounds like an
interesting project.

I still don't understand what you gain from per-user keys though.

>> And if we are only encrypting the content of the mail, then it
>> provides less security than TLS, which encrypts everything from
>> the handshake onwards.
> I'm talking about Whole Message Encryption including the complete
> header section.

But the SMTP envelope contains plaintext addressing info. TLS protects
this on the wire, while PGP encryption of the message (even the
headers) does not.

>> How does this provide the user with any more assurance than DKIM
>> verification?
> DKIM doesn't hide the sender's identity from external adversaries
> who try to analyse message flow.

That wasn't my question. I was asking what advantage a per-user
signature gives you compared to a server signature over a custom header.

> - In a TLS session the communication partners' IP addresses are
> public, moreover the sender domain is published by the receiving MTA
> by retrieving its public key from the DNS in order to verify the
> DKIM signature. OTOH with my kind of Whole Message Encryption
> combined with an asynchronous message transfer providing latency
> e.g. through remailers adversaries have no chance at all to link
> sender with recipient(s).

But if you have a per-user signature on the message content, surely the
sender can still be deduced? At least on the last hop...


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20161123/b5539aca/attachment.sig>

More information about the Gnupg-users mailing list