New smart card / token alternative

vedaal at nym.hush.com vedaal at nym.hush.com
Wed Nov 8 16:27:08 CET 2017


On 11/7/2017 at 12:10 PM, "Peter Lebbing" <peter at digitalbrains.com> wrote:

>How exactly can the identity ever be unknown when we're talking 
>about stuff encrypted to an OpenPGP public key or signed by one? That's a
>completely unique identifier!

=====

 Well, if someone were really *crazy enough* he could send the PGP encrypted message using --throw-keyid to all email sites listed on PGP keyservers ... (i hope no one is *that* crazy ... ;-)   )

or, more practically, just post anonymously to a blog or website, using --throw-keyid,
with a pre-arranged understanding that the sender and receiver post to and check certain websites

This could be facilitated by Tails/Tor, although there are still some vulnerabilities:
https://tails.boum.org/doc/about/warning/index.en.html#index2h1

vedaal




More information about the Gnupg-users mailing list