Looking for feedback on Passive Privacy System

Robin O'Leary gnupg-devel at ro.nu
Thu Mar 15 12:34:01 CET 2001


On Thu, Mar 15, 2001 at 08:18:03AM -0000, Marlow, Andrew (London) wrote:
> ... While you're at it I
> suggest that you consider integrating the use of steganography with public
> key encryption.
The Passive Privacy System proposal only considers the key exchange
process.  It is hard to see how the key exchange protocol could make an
initial offer, having no shared knowledge, while also being undetectable.
So the key exchange has to be open.  What you do with the keys then is
up to you and correctly not specified by PPS.

> I live in the UK so any encrypted email I receive may now be
> the subject of an RIP decryption notice (see www.fipr.org). Failure to
> decrypt results in 2 years in jail. Because of RIP I will not openly use
> GPG/PGP unless its use can be hidden stenographically in a deniable way...
This seems a strange stance given that another part of RIP says that all
your email can be tapped at any ISP and they must not tell you.  If you
use encryption, this silent tapping is prevented since they have to ask
you for the key.  And when they do, GnuPG has a mechanism to show only the
session key for a specific message, rather than reveal your secret key.

Robin.
-- 
R.M.O'Leary <gnupg-devel at ro.nu>  PO Box 20, Swansea SA2 8YB, UK
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 360 bytes
Desc: not available
Url : /pipermail/attachments/20010315/43bdf560/attachment.bin


More information about the Gnupg-devel mailing list