Gary Jeffers writes:
Well, I just used MIT's PGP 2.6.2 with 3 different users' public keys to encrypt 3 different files. In all 3 files, the first 3 characters were the same (an umlauted A, then an i with an up arrow over it, and then a heart). This beginning 3 character string is apparently the infamous PGP RSA signature. The signature that says to spooks' programmed encryption sniffers - "HEY! I'M PGP - GIVE ME A LOOK!."
As if they couldn't figure it out anyway. It isn't an "RSA signature" by the way. Read format.doc sometime.
When are the PGP designers and coders going to get serious and develop STEALTH PGP inside PGP itself!?
Never, I hope. It would dramatically lower the utility of the system. Can you imagine how disgusting it would be to try decrypting something if you have a dozen keys outstanding? Not to mention how hard it would be to deal with figuring out that you should even try to decrypt things in the first place.
So what, -that "only a few companies" will be discovered to be using PGP through the RSA signature!? Those few companies are the seeds for the vast numbers of companies that would follow them in using PGP over the Internet. The RSA signature is the flag that allows the spooks to easily net the bold first companies. The RSA signature is greatly impeding the spread of PGP use over the Internet. PGP MUST BE STEALTHED!!
It isn't an RSA signature. It's a bunch of magic numbers. Look, get real already. If someone sees a bunch of random numbers in mail sent by me, it's going to be pretty obvious what the hell is inside anyway. I very much see this whole thing as a non-issue.

Perry
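
Added example, not part of the original thread and not PGP's own code: a small parser for the old-format packet header that RFC 1991 documents for PGP 2.x, showing why messages encrypted to different keys of the same size begin with the same bytes (the recipient's key ID only follows the header and version byte). The sample packets, key IDs, the 1024-bit key size and the version value 3 are constructed assumptions; the thread itself does not give the byte values.

```python
# Added example: old-format packet header as in RFC 1991 (PGP 2.x).
# All sample bytes below are constructed, not taken from a real message.
TAGS = {1: "public-key encrypted session key", 2: "signature",
        8: "compressed data", 9: "conventionally encrypted data"}

def parse_old_header(data: bytes):
    """Return (tag, body_length or None, header_size)."""
    if not data or not data[0] & 0x80:
        raise ValueError("not a PGP packet header (bit 7 clear)")
    if data[0] & 0x40:
        raise ValueError("new-format header, not produced by PGP 2.x")
    tag, ltype = (data[0] >> 2) & 0x0F, data[0] & 0x03
    if ltype == 3:                      # indeterminate length
        return tag, None, 1
    n = 1 << ltype                      # 1, 2 or 4 length octets
    if len(data) < 1 + n:
        raise ValueError("truncated length field")
    return tag, int.from_bytes(data[1:1 + n], "big"), 1 + n

def describe(data: bytes):
    """Decode the header and, for tag 1, the version byte and key ID."""
    tag, length, hdr = parse_old_header(data)
    info = {"tag": tag, "name": TAGS.get(tag, "other"), "length": length}
    if tag == 1 and len(data) >= hdr + 9:
        info["version"] = data[hdr]
        info["key_id"] = data[hdr + 1:hdr + 9].hex()
    return info

def sample_pkesk(key_id: bytes, modulus_bits: int = 1024, version: int = 3) -> bytes:
    """Constructed packet: version, 8-byte key ID, algorithm 1 (RSA), dummy MPI."""
    mpi = modulus_bits.to_bytes(2, "big") + b"\xAA" * ((modulus_bits + 7) // 8)
    body = bytes([version]) + key_id + b"\x01" + mpi
    if len(body) < 256:
        return bytes([0x84, len(body)]) + body      # tag 1, one length octet
    return bytes([0x85]) + len(body).to_bytes(2, "big") + body

if __name__ == "__main__":
    # Two constructed recipients: same first three bytes, different key IDs.
    for kid in (bytes.fromhex("11" * 8), bytes.fromhex("22" * 8)):
        pkt = sample_pkesk(kid)
        print(pkt[:3].hex(), describe(pkt))
```

The three leading bytes encode only the packet type, the body length and the format version, so they change with key size or format version, not with the recipient.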