On Fri, Oct 25, 2013 at 5:36 AM, Tom Ritter <[email protected]> wrote: > On 25 October 2013 08:24, Geoffrey Irving <[email protected]> wrote: >> On Fri, Oct 25, 2013 at 5:19 AM, Tom Ritter <[email protected]> wrote: >>> Couldn't you just throw the KeyID? That is, specify it as all 0's >>> (like gpg's --throw-keyid option). this won't kind the fact that it's >>> encrypted to 6 keys, but it will hide what those Key IDs are. >> >> This isn't very secure: the message still amounts to a proof that it >> was encrypted for the given recipients. If you suspect who they are, >> now you know for sure. > > I don't think so. If I have a message encrypted to 6 thrown Key IDs, > AND I have the 6 public keys AND I have 1 private key - I still don't > know that the message was encrypted to _those_ six keys, I only know > that it was encrypted _to_ six keys, one of which I know because I > have the private key for it.
Oops, yes, you're right. Complaint withdrawn. :) Geoffrey _______________________________________________ http://openpgpjs.org Subscribe/unsubscribe: http://list.openpgpjs.org
