"Neal H. Walfield" <neal(_at_)walfield(_dot_)org> writes:
Hi,
At the IETF 94 OpenPGP WG session, Bryan, if I recall correctly,
suggested that we should try and hide more meta-data. For instance,
instead of listing the recipients, someone decrypting a message would
try each of their available secret keys in turn. Werner pointed out
that these probes are a pain for people who use a passphrase protected
key and I mentioned that it is a pain for people who use a smartcard,
in paritcular, those who use more than one smartcard.
What about using a bloom filter for encoding the recipients? This, of
course, doesn't eliminate the meta-data leak and it can lead to false
positives (= gratuitious passphrase prompts / smartcard prompts), but
it should reduce the metadata leak a fair amount, I think. Thoughts?
There was an extension at one point where you use the string 0x00...00
for the keyID and that forced you to test all your secret keys. There
are certainly times where that is warranted; there are other times where
it is not.
I wasn't at the meeting (in person or virtually) so I'm not sure I
completely understand what the use-case is where the above solution
doesn't work?
Thanks,
:) Neal
-derek
--
Derek Atkins 617-623-3745
derek(_at_)ihtfp(_dot_)com www.ihtfp.com
Computer and Internet Security Consultant
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp