On 11/7/2017 at 12:10 PM, "Peter Lebbing" <pe...@digitalbrains.com> wrote:
>How exactly can the identity ever be unknown when we're talking >about stuff encrypted to an OpenPGP public key or signed by one? That's a >completely unique identifier! ===== Well, if someone were really *crazy enough* he could send the PGP encrypted message using --throw-keyid to all email sites listed on PGP keyservers ... (i hope no one is *that* crazy ... ;-) ) or, more practically, just post anonymously to a blog or website, using --throw-keyid, with a pre-arranged understanding that the sender and receiver post to and check certain websites This could be facilitated by Tails/Tor, although there are still some vulnerabilities: https://tails.boum.org/doc/about/warning/index.en.html#index2h1 vedaal _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users