Implications of a common private keys directory in 2.1

Carola Grunwald caro at
Fri Nov 25 00:03:01 CET 2016

Peter Lebbing <peter at> wrote:

>On 24/11/16 14:16, Carola Grunwald wrote:
>> WME combined with nym server usage for example requires an individual
>> WME key for each account, as otherwise at least the recipient, who may
>> communicate with different aliases is able to link them based on their
>> common signature key-ID.
>I don't understand this. Could you give an example or something, to help
>me understand?

Let's just say I hold two nym accounts at different nym servers

and send WME encapsulated mail through both of them to a single
recipient making him believe he talks to two different persons.

In this case the From: address of the message sent by my mail client
tells the proxy that it's nym mail. In addition to that the From: and
the To: address can be found in the WME participants list with 'Sign'
activated for the From: entry.

That's why the proxy clears the message header section, WME encrypts the
whole message for the recipient signing it with its individual WME key
(which can be the nym server account key), encrypts it for the nym
server signed with the nym server account's key and sends the result
through the remailer network to the nym server, which removes the nym
server encoding layer checking the account signature and sends the
resulting WME message to the recipient.

If now both of your nym accounts alice at and bob at
sign with the same WME key the recipient, to whom that similarity
becomes apparent, may wonder whether the obviously single author of
these messages suffers from dissociative identity disorder.

>AFAICS, the recipient needs a way to send mail back to the sender, and
>hence, a domain name for the sender. Having the signature tell them
>which domain name the sender used, tells them nothing. Unless of course
>you don't want pseudonymous, but anonymous mail. In the latter case, a
>signature is meaningless and should just be omitted altogether.
>> Concerning faked timestamps you have to imagine that an adversary may
>> observe your Tor connections. When he sees high activity shortly after
>> the signature's timestamp you may have transmitted the respective
>> message.
>And how will the adversary see this timestamp? It's encrypted to the
>recipient! Surely, if he has the timestamp, he has the plaintext of the
>mail and the timestamp is probably the least of your problems. I'm
>really not getting this concern! Huh?!

Simple answer: You never know who your opponents are. How can you be
sure the recipient of your mail isn't one of them? Or his network
infiltrated and his computer compromised?

A pinch of paranoia helps develop solid anonymity software.
Act as if there's no one out there you can trust.

Kind regards


More information about the Gnupg-users mailing list