On 4 Nov 2005, at 5:23 PM, Travis H. wrote:
For example, pgp doesn't hide the key IDs of the addressees.
But OpenPGP does. Here's an extract fro RFC 2440: 5.1. Public-Key Encrypted Session Key Packets (Tag 1) [...] An implementation MAY accept or use a Key ID of zero as a "wild card" or "speculative" Key ID. In this case, the receiving implementation would try all available private keys, checking for a valid decrypted session key. This format helps reduce traffic analysis of messages. Now, there has been much discussion about how useful this is, and there are other related issues like how you do the UI for such a thing. But the *protocol* handles it. You might also want to look at the PFS extensions for OpenPGP: <http://www.apache-ssl.org/openpgp-pfs.txt> and even OTR, which is very cool in its own right (and is designed to take care of the sort of edge conditions all of these other things have): <http://www.cypherpunks.ca/otr/> Jon