[sorry. ralf, of course I meant to answer to the lists]
On Monday 05 January 2004 14:06, Ralf Hauser wrote:
To my understanding,
If I send a message with attachments, the attachment filename is visible
without cryptanalysis.
Would it be hard to give the encrypted file a random name and only upon
decryption, give it back its real name?
http://www.ietf.org/rfc/rfc2440.txt doesn't appear state anything on this
issue.
Isn't that kind of giving away information that could be easily protected -
or did I miss something?
Hi,
You did miss rfc3156 (PGP/MIME). The structure of these (encrypted) emails is:
============================
From: whatever
To: whatever
Subject: whatever
Date: whatever
Content-Type: multipart/encrypted;
protocol="application/pgp-encrypted";
boundary="Boundary-02=_5Plx/pJ9Yq8C9E0"
--Boundary-02=_5Plx/pJ9Yq8C9E0
Content-Type: application/pgp-encrypted
Version: 1
--Boundary-02=_5Plx/pJ9Yq8C9E0
Content-Type: application/octet-stream
-----BEGIN PGP MESSAGE-----
Version: GnuPG v1.2.3 (GNU/Linux)
hQEOAzLIxTMIwnnYEAP....
....
AFWzv4cn5IDmQ5A93JaApgQg6g==
=pVu5
-----END PGP MESSAGE-----
--Boundary-02=_5Plx/pJ9Yq8C9E0--
============================
And the encrypted part is again a full MIME message, with attachments and all.
So the only relevant bits that go over the wire unencrypted are From/To
(unavoidable to the extent of the email addresses) and the Subject (I have a
proposal that could address this cooking slowly, I think I posted it in some
places a few months ago).
Greetings
-- vbi
--
<Knghtbrd> joeyh now has a terminal at the couch?
<Knghtbrd> That guy is wired, I swear =3D>
<doogie> Knghtbrd: laptop
<doogie> and I don't mean the cats.
pgpSbMO6Juhaq.pgp
Description: signature