Implications of a common private keys directory in 2.1

Peter Lebbing peter at digitalbrains.com
Thu Nov 24 14:32:53 CET 2016


On 24/11/16 14:16, Carola Grunwald wrote:
> WME combined with nym server usage for example requires an individual
> WME key for each account, as otherwise at least the recipient, who may
> communicate with different aliases, is able to link them based on their
> common signature key-ID.

I don't understand this. Could you give an example or something, to help
me understand?

AFAICS, the recipient needs a way to send mail back to the sender, and
hence, a domain name for the sender. Having the signature tell them
which domain name the sender used tells them nothing. Unless of course
you don't want pseudonymous, but anonymous mail. In the latter case, a
signature is meaningless and should just be omitted altogether.

> Concerning faked timestamps you have to imagine that an adversary may
> observe your Tor connections. When he sees high activity shortly after
> the signature's timestamp you may have transmitted the respective
> message.

And how will the adversary see this timestamp? It's encrypted to the
recipient! Surely, if he has the timestamp, he has the plaintext of the
mail and the timestamp is probably the least of your problems. I'm
really not getting this concern! Huh?!

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


