PGP: sequencing messages
John Drabik
pmmail@rpglink.com
Tue, 04 Apr 2000 23:52:21 +0000
Maybe I've missed something, but I wonder if it would be possible to
create (in PMMail for OS/2), a system that would "sequence" ALL of my
outbound messages, and place some innocuous-looking text into the
message with an encrypted version of the sequence number. It would
require EVERY outbound message to have a unique ID. Here's the idea
(and the problem):
I send messages (the same, or different messages, at different times
of day), to several people, "A", "B", and "C". Within each message,
just before my signature line, there would be a PGP-encrypted "serial
number", indicating that, say, message #1353 went to person A an
exact duplicate of that message (with ID #1354) went to person B
(with a separate "signature" in that e-mail too), and message 1355
went to person C, and so on. The "signature" has to look innocent;
for example, it could be "hex" digits underneath a picture of Kilroy,
or some other tag line, and BEFORE my signature. But it must contain
some type of data that uniquely ties the message to a particular,
original, recipient.
Later, suppose that person B forwards my message to somebody else.
If that message comes back to me later, I'd be able to tell that it
was person B who sent the message to the third-party. On the other
hand, if the "signature" was removed, it could be legitimately
claimed that the message had been modified, and the burden of proof
as to how or when then falls on the person who sends the message to
me. The hope is that they wouldn't even notice the "tag", thinking
it to be some part of the signature line, but not as obvious as "PGP
key: xxxxxxx" or some such thing. But even if they did, the message
would still be obviously destroyed or tampered with, and the
legitimacy could be immediately challenged.
Is this possible? And fairly easy?
John