> Well, you can go one step further. Unless the sender is throwing the > key ids, you can look to see which keyids are given as hints in the > outermost layer, to see which people are expected to be able to decrypt > it.
Sure, but this is a heuristic, not a formal verification. A useful heuristic, absolutely, but this is still at the level of "let's look at the packets to glean publicly available data" -- whereas message sanitization and verification would require access to the content of the message. Part of this is, I think, the OP is being a little handwavy with the idea of verification/sanitization. If what you're checking is dependent in any way on the cleartext, then you're screwed. And if what you're checking is dependent on the ciphertext, you're not really dealing with the message at all, but the container it's packaged into. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users