PGP reveals the key ID of the recipient of encrypted msg
savron at world-net.sct.fr
savron at world-net.sct.fr
Mon Mar 11 01:14:12 PST 1996
I began testing PGP a few days ago ( I'm a PGP newbie ) and I found
that it gives out the key ID of an encrypted message . From this you
can get the identification of the recipient of the message , if it's
someone who has publicaly distributed his key (keyserver , homepage
...) . So even if you are unable to decode the message you can find
who is the recipient of a given message . I think this is a big
privacy problem .
The problem is carried along when you encrypt a message for multiple
recipients , you get the key IDs of all the recipients and same
problem as above . I think something like 'blind email copy' should
be used , because the recipients don't have to know the identity of
each other .
Comments from long time PGPer will be welcome
More information about the cypherpunks-legacy
mailing list