IETF Logo Mail Archive

Re: [openpgp] Reducing the meta-data leak

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Tue, 05 January 2016 19:54 UTC

Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39E4B1B2D57 for <openpgp@ietfa.amsl.com>; Tue, 5 Jan 2016 11:54:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hHuHpgWHmkXj for <openpgp@ietfa.amsl.com>; Tue, 5 Jan 2016 11:54:54 -0800 (PST)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by ietfa.amsl.com (Postfix) with ESMTP id E5CD01B2D52 for <openpgp@ietf.org>; Tue, 5 Jan 2016 11:54:53 -0800 (PST)
Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 095CFF984; Tue, 5 Jan 2016 14:54:47 -0500 (EST)
Received: by fifthhorseman.net (Postfix, from userid 1000) id DB29E200D1; Tue, 5 Jan 2016 14:54:46 -0500 (EST)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: vedaal@nym.hush.com, Ben McGinnes <ben@adversary.org>, "Neal H. Walfield" <neal@walfield.org>, Derek Atkins <derek@ihtfp.com>
In-Reply-To: <20160105195024.D3CC2200D0@smtp.hushmail.com>
References: <87io5j764u.wl-neal@walfield.org> <sjm7flz9muf.fsf@securerf.ihtfp.org> <87h9l36tf1.wl-neal@walfield.org> <56874CB5.7060806@adversary.org> <87d1tgzwi0.fsf@alice.fifthhorseman.net> <20160105195024.D3CC2200D0@smtp.hushmail.com>
User-Agent: Notmuch/0.21+39~gd2ae295 (http://notmuchmail.org) Emacs/24.5.1 (x86_64-pc-linux-gnu)
Date: Tue, 05 Jan 2016 14:54:46 -0500
Message-ID: <87si2bvm2h.fsf@alice.fifthhorseman.net>
MIME-Version: 1.0
Content-Type: text/plain
Archived-At: <http://mailarchive.ietf.org/arch/msg/openpgp/r6SJxbbYM70eGk64dz0SSdXyzGQ>
Cc: IETF OpenPGP <openpgp@ietf.org>
Subject: Re: [openpgp] Reducing the meta-data leak
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Jan 2016 19:54:55 -0000

On Tue 2016-01-05 14:50:24 -0500, vedaal@nym.hush.com wrote:
> Maybe a (c) option that combines  aspects of (a) and (b):
>
> [1] Suggesting that users of multiple secret keys have 1 unique e-mail
> address for key.
> (e.g.  Hushmail allows for unlimited nym e-mail aliases which all go
> to the same hushmail account under the primary [non-nym] e-mail
> account.)
> A user can generate multiple keypairs, assigning a different nym alias
> to each of them).
>
> [2] The users should not upload the keys to keyservers, but rather
> exchange public keys with whomever they wish to communicate.

this seems like it might be handwaving away a very difficult question...

> [3] They then use the --throw-keyid option, but the receiver knows
> exactly which key it is, by seeing to which nym e-mail address it is
> sent.

if the receiver can see it, then the metadata is present, right?  so
this proposal just moves the metadata out of the OpenPGP block and into
the surrounding RFC822 message.  I don't think that solves the problem.
or am i misunderstanding your proposal?

   --dkg

v2.23.0 | Report a Bug | By Email