Re: [openpgp] Reducing the meta-data leak

Ben McGinnes <> Tue, 05 January 2016 01:24 UTC

To: Daniel Kahn Gillmor <>, "Neal H. Walfield" <>, Derek Atkins <>
From: Ben McGinnes <>
Date: Tue, 5 Jan 2016 12:23:49 +1100
Cc: IETF OpenPGP <>

On 5/01/2016 11:43 am, Daniel Kahn Gillmor wrote:
> fwiw, there is effort going into protecting some of the SMTP/RFC822
> metadata (see the discussions in, which would make
> this kind of work within OpenPGP more valuable than it currently is
> in the full-metadata-wrapped OpenPGP e-mail use case.

With a list name like that I'm just going to have to check it out.

> Removing the metadata of who a message is for seems likely to require
> either:
>  a) trial decryption on the recipient side (problematic for smartcard
>     and multiple-secret-key setups, as Neal and Werner pointed out), or
>  b) some sort of ratcheted shared state between sender and recipient
>     (e.g. a briar- or axolotl-style esk, which might provide other nice
>     features, like "deletable" ("forward-secret") messages)
> While (b) is out of scope for us here until we get 4880bis sorted, if
> someone wanted to experiment with that and report back, i'm sure it
> would be interesting to several people on the list.
> Or maybe there's a (c) option?

There is, but I can't recall if I've mentioned it on this list or not,
but I know it's been mentioned on gnupg-users because that's how I
found out about it:

An attempt at side-stepping SMTP entirely and replacing the transport
method with one of the methods used by BitTorrent.  It relies on GPG
for the message encryption and everything is contained within the
encrypted zip.  The only addressing metadata is the key UID which is
of the format of:


It even includes a clever means of achieving forward secrecy, but
arguably it could benefit from hiding the OpenPGP metadata a little