PGP: sequencing messages

[Trevor Smith]

On Tue, 02 May 2000 12:24:19 +0000, John Drabik wrote:

>The PGP approach is tough, because looking at a printout, you can't
>tell the difference between tabs and spaces, or even the number of
>spaces in some cases, so you can't reconstruct a key easily (and
>perhaps, not at all).  I tried a few messages to myself, and was
>unable, without "cheating" to accurately reconstruct every space and
>tab.

I agree, PGP isn't a perfect solution for printed material.

>But for that approach to work, you must be able to prove to the court
>that every outbound message is tagged, is unique, and is encrypted in
>such a way that the true recipient can be identified.

I doubt there is currently any way for a sender to prove who emails
were sent to. It will always be your word against mine that I was a
recipient.

If you send me something with a PGP signature *I* (the receipient)
can prove you (the sender) sent it to me. But you can't.

>Anybody have any more thoughts on a simple, effective way to
>absolutely sequence and identify messages, via print and
>electronically too (both are mandatory), even through blind-copy

It is not possible to do the above in a way that can be used to
absolutely prove the origin of or the authenticity of the documents.

It will always come down to your word that they were sent when and to
whom you claim. Anyone can remove whatever identifier you insert and
that is the end of your scheme.

The *ONLY* way to do what you want is to get the recipients to resend
a copy back to you with *their* PGP signatures on them. This,
obviously, is not going to happen.


-- 
 Trevor Smith          |          trevor@haligonian.com
 PGP public key available at: www.haligonian.com/trevor

PGP Public Key Fingerprint= A68C C4EC C163 5C0A 6CFA  671F 05D4 0B30 318B AFD6