[tor-talk] What about GnuPG's --hidden-recipient option as default for torbirdy?
Sukhbir Singh
sukhbir.in at gmail.com
Wed Dec 18 01:25:16 UTC 2013
nb.linux:
> I was thinking whether it could be a good idea to have the
> --hidden-recipient
> option for GnuPG set in torbirdy by default? (if at all possible [*])
>
> `man gpg2' says
> --hidden-recipient name
>
> -R Encrypt for user ID name, but hide the key ID of this user’s
> key. This option helps to hide the receiver of the message and
> is a limited countermeasure against traffic analysis. If this
> option or --recipient is not specified, GnuPG asks for the user
> ID unless --default-recipient is
> [...]
Yes, what you described is a valid concern. In the previous release
(0.1.1), the `--throw-keyids' option was enabled by default, which does
the same thing as `--hidden-recipient' but for _all recipients_. From
the man page for `--throw-keyids':
"This option is essentially the same as using --hidden-recipient for
all recipients."
But many users complained about this [1] so it is not the default option
in the latest release but you can still enable it in TorBirdy if you
want to. See [2] manual for more information.
[1] - https://trac.torproject.org/projects/tor/ticket/6941
[2] -
https://trac.torproject.org/projects/tor/wiki/torbirdy/preferences#a-DonotputtherecipientkeyIDsintoencryptedmessages
--
Sukhbir
More information about the tor-talk
mailing list