One of the things I've noticed about PGP is that it makes it pretty
obvious that you're sending an encrypted message. The big
-----BEGIN PGP MESSAGE-----
at the start pretty much gives that away.
In most cases, this is fine, but sometimes it may not be desirable
to make it this obvious. Sending encrypted messages may call
unwelcome attention to yourself. Also, some people are experimenting
with packet radio on the amateur bands, and it's not legal to send
encrypted messages there.
What I think would be nice would be an "innocent" mode for PGP
in which it created files which looked like something else. For
example, what if your encrypted output file looked like:
begin 666 testpat.gif
MI\44:#G4D>QQXR!-M,Z20O1K&5D0, 5-4F.X<%MT
M2:V94,K;XE@B?]%IHF+_WGI%(]#=F]/[LV+&!
M,NH0(!3B35CW#!-Z7"B_L'=-C 8DLB-(J R"3?EE9<.>QE4Y?T$66IA7B@W?
end
This will be recognizable, if you've seen many, as a uuencoded file,
a common encoding for non-ascii files. The header line suggests
that it is a graphics file. Tons of these types of files are sent
across email networks every day. Sending your encrypted messages
in this form would give you a lower profile.
Still, if someone goes to the effort to uudecode your message,
and examines the resulting file, it will be obvious that it's not
a GIF file because it lacks the proper headers. Instead, with
the current PGP implementation it will be obvious that it is in
fact a PGP file, because the header format matches the PGP spec.
Again, I think it would be better if PGP in this mode were able to
produce a file without headers which will give away what it is. Even
better would be the ability to mimic headers of some other types
of files, such as the .ZIP, .ZOO, or Unix "compress" format which are
often used in binary files people mail around.
Another thing that I think is kind of bad about PGP in the context
of avoiding traffic analysis is that it puts the key ID of the
destination person in the header. There was some discussion during
development of a mode in which no key ID information would be in the
header; the only way you'd have of knowing if the message was for
you was to try decrypting it. (There is a checksum which is used
internally to tell if the decryption was done with the right key.)
This way you could broadcast messages to some group, and no one could
know which person in the group you were sending to.
These "anonymous destination" messages could be encoded with a key
ID of zeros, and the PGP software could easily be modified to let
the user try a decryption on such a message, reporting success or
failure.
How useful do these kinds of features seem to people? Would they
really be helpful or is this just paranoia?
Hal
74076.1041@compuserve.com
