On Tue 2017-02-14 15:08:25 -0500, Werner Koch wrote:
> I don't think that --throw-keyid is a useful thing for use of gpg
> in mails - it does not really help in this use case because that meta
> data is easier available by other means.

I absolutely agree with this assessment, and i also agree with Bjarni's
approach to defending bcc addresses by sending distinct e-mails.

Bjarni's suggestion could theoretically be done in two ways:

 0) do the symmetric encryption once, and then pick and choose which
    PKESK OpenPGP packets to prepend to it depending on which message is
    being generated.

 1) simply re-encrypt the same cleartext multiple times (using different
    symmetric session keys)

afaict, GnuPG only supports (1) at the moment (this is probably OK).

Presumably each message would use the same Message-Id, so that replies
thread properly, etc.

However, gpg is a tool that's used not only in e-mail contexts, so it
does still need to support the --throw-keyids option, since non-email
contexts are not guaranteed to be wrapped in equivalent metadata the
same way as an rfc822 message would be. :/

     --dkg
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
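
Approach (0) from the message above, sketched as an added example that is not part of the original post and is not GnuPG code: it splits a binary (unarmored) OpenPGP message into its PKESK packets and the shared encrypted data, then emits one message per PKESK. The function names are hypothetical, and it assumes version 3 PKESK packets as defined in RFC 4880.

```python
# Added example, not GnuPG code. Function names are hypothetical.
PKESK = 1  # RFC 4880 tag: Public-Key Encrypted Session Key packet

def read_packet(data, pos):
    """Return (tag, raw_packet, body, next_pos) for the packet at pos."""
    start, hdr = pos, data[pos]
    if not hdr & 0x80:
        raise ValueError("not an OpenPGP packet header")
    pos += 1
    if hdr & 0x40:  # new-format header
        tag, body, last = hdr & 0x3F, b"", False
        while not last:
            first, last = data[pos], True
            if first < 192:  # one-octet length
                n, pos = first, pos + 1
            elif first < 224:  # two-octet length
                n, pos = ((first - 192) << 8) + data[pos + 1] + 192, pos + 2
            elif first == 255:  # five-octet length
                n, pos = int.from_bytes(data[pos + 1:pos + 5], "big"), pos + 5
            else:  # partial body length, more chunks follow
                n, pos, last = 1 << (first & 0x1F), pos + 1, False
            body += data[pos:pos + n]
            pos += n
    else:  # old-format header
        tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
        if ltype == 3:  # indeterminate length: runs to end of input
            n = len(data) - pos
        else:
            width = 1 << ltype
            n, pos = int.from_bytes(data[pos:pos + width], "big"), pos + width
        body, pos = data[pos:pos + n], pos + n
    if pos > len(data):
        raise ValueError("truncated packet")
    return tag, data[start:pos], body, pos

def per_recipient_messages(data):
    """Return [(key_id_hex, message)] with one PKESK per message."""
    pkesks, shared, pos = [], b"", 0
    while pos < len(data):
        tag, raw, body, pos = read_packet(data, pos)
        if tag != PKESK:
            shared += raw  # encrypted data packet(s), reused unchanged
        elif body[0] != 3:
            raise ValueError("only version 3 PKESK handled here")
        else:
            pkesks.append((body[1:9].hex(), raw))  # all zeros = hidden recipient
    return [(key_id, raw + shared) for key_id, raw in pkesks]
```

When the input was produced with --throw-keyids, every key ID comes back as sixteen zeros, so the packets can no longer be matched to recipients by ID and the sender has to track that mapping itself.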