[linux-elitists] pgp -m with gpg

David Shaw dshaw@jabberwocky.com
Mon Dec 10 15:46:15 PST 2001


On Mon, Dec 10, 2001 at 03:11:14PM -0800, Aaron Lehmann wrote:
> On Mon, Dec 10, 2001 at 04:40:17PM +0000, M. Drew Streib wrote:
> > If gpg is truly encrypting the stream, and not adding any funny headers
> > to the output (I'd hope not), then autodetection should be out of the
> > picture.
> 
> Why are you afraid of headers?
> 
> All signatures or encrypted messages you send contain headers telling
> PGP what the message is, to whom, and even a checksum.
> 
> I can't find anything about the format of symmetric-only messages in
> RFC2440, but that's because I'm not looking hard enough.

There is no format - it's just a bunch of bytes.  There is a "this is
a PGP message, and here comes a symmetric message" header though.

People are concerned with headers because it shows that a PGP message
is being sent, and who can decrypt it.  This doesn't worry me - PGP
isn't supposed to be about hiding the fact that a message was sent, or
even that the message was encrypted.  PGP is about encrypting messages
so that nobody can read them unless they are supposed to.  There are
other tools to handle message and communication hiding.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 486 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20011210/d6678d5d/attachment.pgp 


More information about the linux-elitists mailing list