On Mon, 4 Jul 2005 16:59:00 -0700 (PDT), "Hal Finney" said:
Given the weak level of anonymity it affords, perhaps the zero keyid
feature is misleading to users? If so, should we consider deprecating
it until we are willing to do the work necessary to do the job right?
For one recipient it is actually a valuable feature. MTAs using this
to hide BCC messages are of course not using it proper - they need to
send several messages.
Or we could at least put a note in the RFC emphasizing that this feature
does not provide strong anonymity and should not be relied upon for
that purpose.
A word on that there are problems when used with more than one
recipient would be good. However, the wild card keyID is an OpenPGP
feature and how it it used is more a matter of the actual
implemention. I'll add a warning to gpg's man page.
Shalom-Salam,
Werner