On Thursday 20 November 2014 14:36:35 Schlacta, Christ wrote:
> On Nov 20, 2014 1:58 PM, "Ingo Klöcker" <kloec...@kde.org> wrote:
> > On Tuesday 18 November 2014 22:43:18 MFPA wrote:
> > KMail encrypts an individual copy for each BCC recipient. I thought
> > Thunderbird+Enigmail would also do this.
> >
> > Any mail client not doing this completely subverts BCC (unless
> > --throw-keyids or --hidden-recipient is used, but even throwing the
> > key IDs still leaks the number of hidden recipients).
>
> There's nothing preventing a list server or mail client from intentionally
> adding a pseudo random quantity of invalid or junk keys to the recipient
> list, thus obfuscating the number of additional recipients, only providing
> an upper bound to the estimate.

Adding additional junk keys doesn't help if the recipient (or the recipients) expect a certain number of recipients. If the message is encrypted to more than (expected number of recipients)+1 (for encrypt to sender) then the recipients most likely will wonder who the other recipients are. You'll have a hard time convincing them that the "other recipients" are just fakes to confuse a third party intercepting the messages.

Regards,
Ingo

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users