Implications of a common private keys directory in 2.1

Peter Lebbing peter at digitalbrains.com
Mon Dec 19 12:28:05 CET 2016


On 11/12/16 02:48, Carola Grunwald wrote:
> Nevertheless the user has to get knowledge of such an attack, which is
> why a header entry reporting the decoding status is added to the message
> forwarded to the client:
> 
> | O-Nym-Crypto: slot=19; sym=3; asym=1; esub=i; account=myaccount at nym.mixmin.net
> | O-Nym-Sig: Good signature (SHA1:[562619C278247C3B] Bananasplit Pseudonym Server (Bananasplit Pseudonymous Email Server) <config at nym.mixmin.net>; Sat, 10 Dec 2016 02:25:44 +0000)

And is the message still delivered decrypted to the client? Because in
that case, it seems that the only thing preventing a user from
disastrously exposing the relation between two nym accounts is them
noticing the mismatch in this little header in the mail. That seems like
a really riskful user interface. Hopefully the message text is merely
saying "Message encrypted to wrong key", right?

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>


