[Enigmail] About Supprting BCCed Recipients

Patrick Brunschwig patrick at mozilla-enigmail.org
Tue May 12 09:19:50 PDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Harry Rickards wrote:
> On 05/12/09 16:18, Patrick Brunschwig wrote:
>> Up to now, Enigmail gave a warning if encrypted emails are sent to BCCed
>> recipients because GnuPG would store the key ID's of all recipients in
>> the encrypted message. In order to overcome this privacy issue, there is
>> an option that allows to tell GnuPG not to write some of the key ID's
>> into an encrypted message ("--no-throw-keyids" and
>> "--hidden-recipient"). If such "anonymous" key ID's are found in a
>> message, GnuPG would probe all secret keys until one of them allows to
>> decrypt the message.
> 
>> Unfortunately, hiding the keys in a message is an optional part of the
>> OpenPGP standard; PGP (in particular) is known not to support it.
> 
>> And here comes my question: please help us out by lettings us know how
>> many of your correspondents use a tool like PGP such that they would not
>> be able to decrypt messages with hidden keys by participating in the
>> poll on our forum:
>> <http://mozilla-enigmail.org/forum/viewtopic.php?f=3&t=599>
> 
>> Thanks,
>> Patrick
> 
> Although I agree this is needed, perhaps a forum poll isn't the best way
> for user's to vote (for need of a better word). I know I certainly think
> it would be a lot easier just replying to this email than say: going to
> the link above, logging in (or registering for some people) and voting.
> This may be why there's only been one vote so far (as well as it's only
> been half an hour since you started the thread).
> 
> Would it be possible for you to setup some sort of email based poll on
> this mailing list, as I think a lot more people would vote then. For
> now, if anyone wants to vote without having to register an account, etc,
> I'll vote for them if they send me an email to hrickards at l33tmyst.com
> encrypted with my GPG key - 1024D/646ED06A. That is, after the
> administrator of the forum approves my account (see how long it will
> take people to vote, most people will not bother.) Thanks

I forgot that the forum needs registration. Those who don't want to
register can send an email to the following address:
poll at mozilla-enigmail.org

Please indicate your answer to the following question:

How many of your correspondents use a product (like PGP) that doesn't
support hidden keys?

[ ] More than 50%
[ ] Between 20% and 50%
[ ] Less than 20%
[ ] None (i.e. 0%)
[ ] I don't know what software my correspondents use for encrypting messages

Thanks again
- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBSgmhoHcOpHodsOiwAQh2Jgf+JEWNYHdsKl4NJp6P7Zf1h4l3ehnYraVV
oRIAj1aSDpIQKBa2CO4/YITDufuFgR8NLyzidZoNZC39MYZbd5xQccr3l6YTulhq
81KRJhhDjV+ZHVQPp5XmM6ftW3nypbDBl4U+5UY7ZvviHIESsVdwdF0CLKsEopXJ
YfYlypFlZpy4PkL5q4FExobxsNfwaqqCFugsyu96+xhdmqyeVN35VVaYF1BQDXDu
HHsT1rtXImcA3KwRcLEbdAyV6ViMO2fRp3H6f4yoCLtGMHQdaxrcJiTN+WlU6oV3
ILich8ZAJrNhBn4hTjJCaf0OEL9gVT9JntcP9l4NdpFIlSoHthnFTA==
=OXUV
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list