[Enigmail] About Supprting BCCed Recipients

Patrick Brunschwig patrick at mozilla-enigmail.org
Wed May 13 12:31:32 PDT 2009 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Daniel Kahn Gillmor wrote:
> On 05/12/2009 12:19 PM, Patrick Brunschwig wrote:
>> I forgot that the forum needs registration. Those who don't want to
>> register can send an email to the following address:
>> poll at mozilla-enigmail.org
>>
>> Please indicate your answer to the following question:
>>
>> How many of your correspondents use a product (like PGP) that doesn't
>> support hidden keys?
>>
>> [ ] More than 50%
>> [ ] Between 20% and 50%
>> [ ] Less than 20%
>> [ ] None (i.e. 0%)
>> [ ] I don't know what software my correspondents use for encrypting messages
> 
> I believe that everyone who participates on public mailing lists like
> this one *must* answer in the latter category, simply because we have no
> idea who else is subscribed to the lists we use.  Of course, mails sent
> to lists are not usually encrypted so perhaps this doesn't matter.

Right, in addition I wouldn't necessarily call mailing lists as
"correspondents"; you often don't write mails to someone specifically on
a mailing list.

> Perhaps it should be rephrased as "how many people do you send encrypted
> mail to that cannot read it with hidden keys?"   Even so, it seems like
> we might be asking the wrong people.

I'm very well aware of the fact that most (if not very close to all)
people subscribed to this mailing list are using GnuPG and/or are
otherwise interested in Enigmail or Open Source software. This certainly
leads to a biased result. However, other user groups might not even know
what software they use for encryption, not to talk of their correspondents.

> Also, please don't enable hidden recipients by setting --no-throw-ids,
> which paints with far too wide a brush.  Better to use
> --hidden-recipient for the specifically Bcc'ed folks.
> 
> Most simply, i could see this as the default behavior
> (--hidden-recipient for Bcc), with the ability to set a per-recipient
> rule disabling the feature.

As with most features, it's possible to design simple ways to support
them, like adding "--no-throw-keyids" (which would take me less than 1
hour to implement and test), and complex solutions that go as far as
extending the per-recipient rules (which would require at least several
days of work).

Given that I'm working on Enigmail during my very limited free time, you
might agree that I'm probably better off developing something really
useful, and not invest several days just to support the special case of
a few users who want to fully automate the sending of encrypted messages
to BCC'ed recipients who use software that doesn't fully support some
specific optional part of the OpenPGP standard ;-)

- -Patrick
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAwUBSgsgEncOpHodsOiwAQg5XAf/XwbLpT2k+6aCVL2XQnBk5jP/BdAs0YF3
dH1Ju9vAuvkcGApltmzlF1SOxndc+cz2uDEfAVkVG5fifbyQw8EEx0PYkjgMRFzh
UdhDgWKhNov9p3YdtN9/8bMy+zfFmDJGKQuia0mQSA9f9zlO1NKaI9mrfqWYXvPo
OBUzYUU9k7V3K0Jz/0BWzFTTWq5YpLiGqEy/KcpoG/b7i0cc6Nu1KlP2OcOOtQPb
QRKWIKrLYWuVza+88TGwVjHaIcDeJNO+EGdtQO/+yINN4p6Alqj3QKORvLlAX7qE
bj1kR+gsdKJ59YSDbUiw8tdyL6FVqCPvcjY4YfgUKhQPqa+8MeixQg==
=L1P6
-----END PGP SIGNATURE-----

More information about the Enigmail mailing list