[Enigmail] Idea for improvement usability of sending to mixed groups of recipients (with gpg and without gpg support)
John Clizbe
John at Mozilla-Enigmail.org
Sat May 24 15:30:39 PDT 2008
Martin Maier wrote:
> Hi all,
> I think one of the most important things to increase the usability of
> Enigmail with Thunderbird, would be to make the sending to a mixture
> group of recipients (some recipients with and some one without gpg key)
> more comfortable. Now the problem is, if you want to send an email to a
> group of recipients and there is at least one recipients which doesn't
> have any gpg key (doesn't support receiving encrypted mails), you can
> only choose between sending encrypted or unencrypted but there is no
> alternative between.
And there should be no in-between. Sending a copy unencrypted negates *any*
security benefit of encryption.
> If you choose sending encrypted, only the recipients in key list can
> read the message. If you choose sending unencrypted, all recipients
> also the recipients in gpg key list, get the message unencrypted.
So, if everyone can read the unencrypted version, why bother at all with sending
an encrypted copy. If you're willing to send it unencrypted to a single
recipient, there's no need to encrypt it to the others.
> The improvement to wish would be an additional alternative e.g. named
> "mixture recipients" which automatic send the email encrypted to the
> recipients with gpg key and a copy of same email unencrypted to the
> recipients without gpg support!
This is a security mis-feature in the name of usability. What its real effect
would be is to allow the accidental exposure of sensitive information that was
thought to be confidential.
--
John P. Clizbe Inet: John (a) Mozilla-Enigmail.org
You can't spell fiasco without SCO. PGP/GPG KeyID: 0x608D2A10/0x18BB373A
"what's the key to success?" / "two words: good decisions."
"what's the key to good decisions?" / "one word: experience."
"how do i get experience?" / "two words: bad decisions."
"Just how do the residents of Haiku, Hawai'i hold conversations?"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 677 bytes
Desc: OpenPGP digital signature
Url : http://www.mozdev.org/pipermail/enigmail/attachments/20080524/b1d6696c/attachment.bin
More information about the Enigmail
mailing list