Re: Bcc, throw-keyids, and metadata hiding [was: Re: Announcing Astroid v0.11]

Subject: Re: Bcc, throw-keyids, and metadata hiding [was: Re: Announcing Astroid v0.11]

Date: Mon, 05 Feb 2018 16:15:24 +0100

To: astroidmail@googlegroups.com, Daniel Kahn Gillmor, notmuch@notmuchmail.org

Cc:

From: Gaute Hope


Daniel Kahn Gillmor writes on February 5, 2018 9:33:
> On Mon 2018-02-05 08:33:36 +0100, Gaute Hope wrote:
>> Yes; this seems like the ultimate approach to this problem, unless 
>> it will be possible for GPG to completely hide receivers - I am guessing 
>> this is inherently impossible? 
> 
> I'm not sure how gpg could do that -- the metadata leak of most
> recipients (To:, Cc:) is *outside* of the material that GnuPG handles,
> since GnuPG doesn't see the message headers when it's encrypting the
> body.  Maybe i'm misunderstanding you though?
> 

I mean the recipient key list in the header of the encrypted 
packet [0][1]. I assume there must be a key list entry for each receiving key 
(even though it does not need to be accurate). It would be better to 
just remove the whole table of receiving keys, than setting each of them to 0.

Regards, Gaute

[0] https://www.ietf.org/rfc/rfc4880.txt
[1] https://crypto.stackexchange.com/questions/10253/why-are-the-first-few-bytes-of-a-gpg-encryption-always-the-same
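
The recipient key list discussed in this message, as an added example that is not part of the original e-mail or of GnuPG: a minimal RFC 4880 packet walker that lists the key ID of each Public-Key Encrypted Session Key packet (tag 1). The function names and the sample messages are constructed for illustration; the samples show that with all-zero key IDs there is still one packet per recipient key.

```python
def read_packets(data):
    """Yield (tag, body) per OpenPGP packet (RFC 4880 section 4.2)."""
    i = 0
    while i < len(data):
        first = data[i]
        i += 1
        if not first & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if first & 0x40:                      # new-format header
            tag, o1 = first & 0x3F, data[i]
            i += 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length = ((o1 - 192) << 8) + data[i] + 192
                i += 1
            elif o1 == 255:
                length = int.from_bytes(data[i:i + 4], "big")
                i += 4
            else:
                raise ValueError("partial body length not handled here")
        else:                                 # old-format header
            tag, ltype = (first >> 2) & 0x0F, first & 0x03
            if ltype == 3:
                raise ValueError("indeterminate length not handled here")
            n = 1 << ltype
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(data):
    """Key IDs of the PKESK packets (tag 1) ahead of the encrypted data."""
    ids = []
    for tag, body in read_packets(data):
        if tag in (9, 18):                    # encrypted data packet: stop
            break
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())
    return ids

def pkesk(key_id, old=False):  # constructed sample: v3, key ID, RSA, filler MPI
    body = b"\x03" + key_id + b"\x01" + b"\x00\x08\xaa"
    return bytes([0x84 if old else 0xC1, len(body)]) + body
SEIPD = bytes([0xD2, 5]) + b"\x01" + b"\x00" * 4   # constructed filler body
NORMAL = pkesk(bytes.fromhex("1122334455667788"), old=True) + pkesk(bytes.fromhex("99aabbccddeeff00")) + SEIPD
THROWN = pkesk(bytes(8), old=True) + pkesk(bytes(8)) + SEIPD
```

`recipient_key_ids(THROWN)` returns two all-zero key IDs, so the key identities are hidden but the count of recipient keys is still readable from the packet stream.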
