On Mon 2016-01-04 20:23:49 -0500, Ben McGinnes wrote:
>> Removing the metadata of who a message is for seems likely to require
>> either:
>>
>> a) trial decryption on the recipient side (problematic for smartcard
>> and multiple-secret-key setups, as Neal and Werner pointed out), or
>>
>> b) some sort of ratcheted shared state between sender and recipient
>> (e.g. a briar- or axolotl-style esk, which might provide other nice
>> features, like "deletable" ("forward-secret") messages)
>>
>> While (b) is out of scope for us here until we get 4880bis sorted, if
>> someone wanted to experiment with that and report back, i'm sure it
>> would be interesting to several people on the list.
>>
>> Or maybe there's a (c) option?
>
> There is, but I can't recall if I've mentioned it on this list or not,
> but I know it's been mentioned on gnupg-users because that's how I
> found out about it:
>
> http://www.confidantmail.org/
>
> An attempt at side-stepping SMTP entirely and replacing the transport
> method with one of the methods used by BitTorrent. It relies on GPG
> for the message encryption and everything is contained within the
> encrypted zip. The only addressing metadata is the key UID which is
> of the format of:
>
> any-damn-thing-you-like@somehost-including-tor-hidden-sites-and-i2p-it-doesn't-care
>
> It even includes a clever means of achieving forward secrecy, but
> arguably it could benefit from hiding the OpenPGP metadata a little
> better.

This sounds like an effort to hide the SMTP metadata, but doesn't
involve hiding the metadata in the OpenPGP format itself. While i think
this is a neat idea, i'm not convinced it's addressing the same problems
that (a) and (b) are addressing.

--dkg