-----BEGIN PGP SIGNED MESSAGE----- Suppose you want to mail or post something sensitive enough to chain through several remailers with PGP encryption at every stage to protect the privacy of communications. PGP can bite you. The PGP comment feature lets you stick one (or more?) lines of comment into your encrypted messages, after the Version: line but before the encrypted message body. If you use the PGP comment feature to say something more or less unique (mine says that you can get PGP outside the country from ftp.ox.ac.uk), anybody eavesdropping the last remailer in your chain can notice this in the remailer's input and recognize that it's from you, even though you've chained through six different places to get there. It's still encrypted, and protected to the extent that the remailer protects you, but if the remailer is corrupt or your message can be identified by size among the other remailer inputs, you're hosed. So, for safety, either turn off PGP comments before using it with remailers, or wipe out the comments by hand before each layer of encryption (easy to do with GUI-based systems like Private Idaho; I don't know if premail lets you do this or not.) Bill Stewart -----BEGIN PGP SIGNATURE----- Version: 2.7.1 Comment: PGP available outside U.S.A. at ftp.ox.ac.uk iQBVAwUBMKAgw/thU5e7emAFAQFStwH/QnIiiaeSmUp1YynDBLVo3HAWsVkS0nx8 Fc95Mr0YJ/YIoRDz+xuNgLHbjJZSTUbhOnigMRb7JLNqhmCGvS5RBQ== =ZWhB -----END PGP SIGNATURE----- #--- # Thanks; Bill # Bill Stewart, Freelance Information Architect, stewarts@ix.netcom.com # Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281 #---