From d92f06e882a0c8a387b97adb2c82e81e8a5c0c5f Mon Sep 17 00:00:00 2001 From: Werner Koch Date: Thu, 28 Aug 2008 14:57:25 +0000 Subject: [PATCH] Add a warning nite to --throw-keyds. --- doc/DETAILS | 4 ++-- doc/gpg.texi | 15 +++++++++------ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/doc/DETAILS b/doc/DETAILS index e7a5d423b..ae2236bac 100644 --- a/doc/DETAILS +++ b/doc/DETAILS @@ -60,8 +60,8 @@ record; gpg2 does this by default and the option is a dummy. be marked as ultimately trusted. For X.509 certificates an 'u' is used for a trusted root - certificates (i.e. for the truct anchor) and and 'f' for - all other validated certificates. + certificate (i.e. for the trust anchor) and an 'f' for all + other valid certificates. 3. Field: length of key in bits. diff --git a/doc/gpg.texi b/doc/gpg.texi index 1f59e4043..2ea851b5b 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2264,12 +2264,15 @@ will still get disabled. @item --throw-keyids @itemx --no-throw-keyids -Do not put the recipient key IDs into encrypted messages. This helps -to hide the receivers of the message and is a limited countermeasure -against traffic analysis. On the receiving side, it may slow down the -decryption process because all available secret keys must be tried. -@option{--no-throw-keyids} disables this option. This option is essentially -the same as using @option{--hidden-recipient} for all recipients. +Do not put the recipient key IDs into encrypted messages. This helps to +hide the receivers of the message and is a limited countermeasure +against traffic analysis.@footnote{Using a little social engineering +anyone who is able to decrypt the message can check whether one of the +other recipients is the one he suspects.} On the receiving side, it may +slow down the decryption process because all available secret keys must +be tried. @option{--no-throw-keyids} disables this option. This option +is essentially the same as using @option{--hidden-recipient} for all +recipients. @item --not-dash-escaped This option changes the behavior of cleartext signatures