ietf-openpgp
[Top] [All Lists]

filenames of encrypted attachments visible ? How hard would it be to hide?

2004-01-05 06:05:23

To my understanding,

If I send a message with attachments, the attachment filename is visible
without cryptanalysis.
Would it be hard to give the encrypted file a random name and only upon
decryption, give it back its real name?

http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
issue.

Isn't that kind of giving away information that could be easily protected -
or did I miss something?

Rgds
        Ralf

Sample use case: Some investment banker uses PGP and sends around an
attachment with the name "UnfriendlyTakeoverOfListedCorpXYZ.doc.asc" - isn't
that kind of an invitation to insiders?
Sure, it wouldn't be hard to rename the file before sending, but this kind
of negligence is happening all over... and I hope applications like gpg/pgp
could eventually become fool-proof/fail-safe to this level?


<Prev in Thread] Current Thread [Next in Thread>