At 16:36 3/11/96, John Pettitt wrote:
I can see a case where one would want to broadcast a message (say on usenet) with *no* indication of the intended recipient (not even a non registered key-id). It would seem to be easy enough to hack up something that does not have key-IDs - to know if it's for you try decryption and if it works then it was for you. This does not scale well as the recipient must trial decrypt all messages which could use *a lot* (tm) of CPU time.
There is also the problem of knowing WHICH key to use (ie: Even when you know the message is intended for you, you must do a test run with each of your keys until one works). Thus you want private keys whose ownership is not publicly linked to your known identity (but is known to your correspondents). So long as you have your corespondent's published Public Key, you can use it to do a one-time transmission of a private Public Key to be used to do anonymous (ie: Not Linked to your Public Identity) transmissions to you.