New smart card / token alternative
vedaal at nym.hush.com
vedaal at nym.hush.com
Wed Nov 8 16:27:08 CET 2017
On 11/7/2017 at 12:10 PM, "Peter Lebbing" <peter at digitalbrains.com> wrote:
>How exactly can the identity ever be unknown when we're talking
>about stuff encrypted to an OpenPGP public key or signed by one? That's a
>completely unique identifier!
=====
Well, if someone were really *crazy enough* he could send the PGP encrypted message using --throw-keyid to all email sites listed on PGP keyservers ... (i hope no one is *that* crazy ... ;-) )
or, more practically, just post anonymously to a blog or website, using --throw-keyid,
with a pre-arranged understanding that the sender and receiver post to and check certain websites
This could be facilitated by Tails/Tor, although there are still some vulnerabilities:
https://tails.boum.org/doc/about/warning/index.en.html#index2h1
vedaal
More information about the Gnupg-users
mailing list