On 23/11/16 17:54, Carola Grunwald wrote: > Andrew Gallagher <[email protected]> wrote: > >> If you are worried about an attacker on the wire doing statistical >> analysis of your message sizes and patterns of use, you will >> probably have to go the whole hog and transport over Tor. And even >> that is no panacea. > > Not real-time Tor but remailers providing latency. You got it.
Aha, this is the subtlety I was missing. Yes, this sounds like an interesting project. I still don't understand what you gain from per-user keys though. >> And if we are only encrypting the content of the mail, then it >> provides less security than TLS, which encrypts everything from >> the handshake onwards. > > I'm talking about Whole Message Encryption including the complete > header section. But the SMTP envelope contains plaintext addressing info. TLS protects this on the wire, while PGP encryption of the message (even the headers) does not. >> How does this provide the user with any more assurance than DKIM >> verification? > > DKIM doesn't hide the sender's identity from external adversaries > who try to analyse message flow. That wasn't my question. I was asking what advantage a per-user signature gives you compared to a server signature over a custom header. > - In a TLS session the communication partners' IP addresses are > public, moreover the sender domain is published by the receiving MTA > by retrieving its public key from the DNS in order to verify the > DKIM signature. OTOH with my kind of Whole Message Encryption > combined with an asynchronous message transfer providing latency > e.g. through remailers adversaries have no chance at all to link > sender with recipient(s). But if you have a per-user signature on the message content, surely the sender can still be deduced? At least on the last hop... A
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnupg-users
