On Apr 25, 2009, at 6:14 PM, John Clizbe wrote:

> Ingo Klöcker wrote:
>> On Saturday 25 April 2009, John Clizbe wrote:
>>
>>> The message will be encrypted once with a symmetric cipher and
>>> session key. Then the session key is encrypted to each recipient's
>>> public key and the encrypted session keys are attached to the
>>> message.
>>>
>>> For each recipient the first valid key with matching email address is
>>> the one selected. If this is not the preferred key, then Enigmail's
>>> Per-recipient rules may be set up to specify the correct key to use.
>>
>> How does Thunderbird/Enigmail handle bcc'd recipients? Does it create
>> several differently encrypted copies of the message in case of bcc'd
>> recipients, i.e. one copy of the message encrypted with the keys of all
>> public recipients and additional copies of the message (one per bcc'd
>> recipient) encrypted only with the key of the corresponding bcc
>> recipient (and probably with the sender's key)?
>
> Enigmail passes GnuPG a list of recipients to encrypt to. It does not
> generate separate messages, only the one. This is a constraint of
> Thunderbird's architecture.
>
> BCCed recipients are treated as just another recipient. There is only
> one copy of the message and one set of encrypted session keys.

I'm not sure if Enigmail has sufficient control here (due to the Thunderbird restrictions), but if possible, it might be wise to handle Bcc'd recipients with --hidden-recipient instead of --recipient (i.e. "-r"). That would better duplicate the standard expectations of a user using Bcc: the regular recipients can all see who the recipients are, but not the Bcc'd people. As things stand now, any recipient can see who was Bcc'd, which sort of removes the "B" from the Bcc.

--throw-keyids is a reasonable solution as well, but it's more of a sledgehammer, rather than a scalpel.

David


_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
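The following is an added example, not code from this thread, from Enigmail or from GnuPG. It shows the two sides of the point made above: how a mail client could split To/Cc recipients into `-r` arguments and Bcc recipients into `--hidden-recipient` arguments (or hide everyone with `--throw-keyids`), and what a recipient can actually learn by looking at the Public-Key Encrypted Session Key packets (tag 1, RFC 4880 section 5.1) of the message. A hidden recipient shows up there as the wild-card key ID 0x0000000000000000, which is what `gpg --list-packets` prints as `keyid 0000000000000000`; a normal `-r` recipient shows up with its real key ID. The sample message, the key ID 0123456789ABCDEF and the addresses at example.org are constructed for this example (dummy MPIs and dummy ciphertext so the parser runs offline); they are not real gpg output.

```python
"""List the recipient key IDs an OpenPGP message exposes.

Added example (not Enigmail's or GnuPG's code). Assumes only RFC 4880
packet framing; partial-body lengths are rejected rather than handled.
"""
from typing import Dict, List

# RFC 4880 s.5.1: a PKESK with an all-zero key ID is a "wild card" hidden recipient.
WILDCARD_KEYID = "0000000000000000"


def build_gpg_args(visible: List[str], hidden: List[str],
                   throw_keyids: bool = False) -> List[str]:
    """Map To/Cc recipients to -r and Bcc recipients to --hidden-recipient.

    With throw_keyids=True every PKESK is wild-carded (the "sledgehammer").
    """
    args = ["gpg", "--encrypt"]
    if throw_keyids:
        args.append("--throw-keyids")
    for r in visible:
        args += ["-r", r]
    for r in hidden:
        args += ["--hidden-recipient", r]
    return args


def _read_packet(data: bytes, pos: int):
    """Return (tag, body, next_pos) for the packet starting at data[pos]."""
    ctb = data[pos]
    if not ctb & 0x80:
        raise ValueError("not an OpenPGP packet header at offset %d" % pos)
    if ctb & 0x40:                      # new-format header (RFC 4880 s.4.2.2)
        tag = ctb & 0x3F
        first = data[pos + 1]
        if first < 192:
            length, hdr = first, 2
        elif first < 224:
            length, hdr = ((first - 192) << 8) + data[pos + 2] + 192, 3
        elif first == 255:
            length, hdr = int.from_bytes(data[pos + 2:pos + 6], "big"), 6
        else:
            raise ValueError("partial body lengths not supported here")
    else:                               # old-format header (RFC 4880 s.4.2.1)
        tag = (ctb >> 2) & 0x0F
        ltype = ctb & 0x03
        if ltype == 3:                  # indeterminate: runs to end of input
            length, hdr = len(data) - pos - 1, 1
        else:
            n = (1, 2, 4)[ltype]
            length, hdr = int.from_bytes(data[pos + 1:pos + 1 + n], "big"), 1 + n
    start = pos + hdr
    return tag, data[start:start + length], start + length


def pkesk_recipients(msg: bytes) -> List[Dict[str, object]]:
    """Walk the packets of msg and describe every PKESK (tag 1) found.

    This is the information any recipient (or anyone on the wire) can read
    without a single private key: who the session key was encrypted to.
    """
    out: List[Dict[str, object]] = []
    pos = 0
    while pos < len(msg):
        tag, body, pos = _read_packet(msg, pos)
        if tag != 1:
            continue
        if body[0] != 3:
            raise ValueError("unsupported PKESK version %d" % body[0])
        keyid = body[1:9].hex().upper()   # 8-byte key ID follows the version
        out.append({"keyid": keyid, "algo": body[9],
                    "hidden": keyid == WILDCARD_KEYID})
    return out


# Constructed sample message (not real gpg output): two PKESK packets with
# tiny dummy MPIs, then a SEIPD packet (tag 18) carrying dummy ciphertext.
SAMPLE_MSG = bytes.fromhex(
    "84 0e" "03" "0123456789abcdef" "01" "0010 abcd"              # RSA, -r
    "84 12" "03" "0000000000000000" "10" "0010 1111" "0010 2222"  # ElGamal, hidden
    "d2 05" "01" "deadbeef"                                       # SEIPD body
)

if __name__ == "__main__":
    print(" ".join(build_gpg_args(["alice@example.org"], ["bob@example.org"])))
    for r in pkesk_recipients(SAMPLE_MSG):
        print("PKESK keyid=%s algo=%d hidden=%s" % (r["keyid"], r["algo"], r["hidden"]))
```

Running the script shows the first packet naming key 0123456789ABCDEF while the second, the Bcc'd one, carries only the wild-card ID. The caveat a recipient pays for this: gpg cannot tell from a wild-card PKESK which secret key to use, so it has to try each available one, which is why `--hidden-recipient` is a per-recipient choice and `--throw-keyids` a blunter one.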
