Implications of a common private keys directory in 2.1

Peter Lebbing peter at
Wed Nov 23 19:59:09 CET 2016

On 23/11/16 18:54, Carola Grunwald wrote:
> Which relevant information does the single Received: header, describing
> the recipient MTA's interaction with the exit remailer, leak?

If you sign the data just before the interaction, the signature time and
the time noted in the Received:-header are virtually identical, so the
signature time doesn't leak data.

> Not real-time Tor but remailers providing latency. You got it.
> [...]
> You can send your PGP message to and fro around the world through
> as many servers as you like hiding all your traces thus removing sender
> metadata. With TLS you can't.

I think other people were thinking you wanted to use regular mail
transports in combination with your OpenPGP layer. Thus, only very few
MTA's would be involved and they would all be under the administration
of either the sending, or the receiving party. That is, the exact two
parties who have access to the private keys in the scheme you proposed.
Hence the noted similarity.



I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <>

More information about the Gnupg-users mailing list