On January 1, 2019 4:13:43 PM AKST, MFPA <2017-r3sgs86x8e-lists-gro...@riseup.net> wrote: >Hi > > >On Monday 31 December 2018 at 9:06:39 PM, in ><mid:6a39fc9c-3105-451b-bb5e-6d6757337...@colmena.biz>, justina >colmena via Gnupg-users wrote:- > > >> Shouldn't an email message (for example) be encrypted >> separately to >> each BCC recipient, > >My opinion is that should be the case. However, most MUAs I've used >include the BCC recipients' keys in the encryption along with the To >and CC recipients' keys, so any email addresses in the user-IDs of >these keys are visible to all recipients. > >As an exception, one MAU I used with an OpenPGP add-on would instead >send an individual copy of the message to each BCC recipient, >encrypted only to their key.
This seems like better practice. Also I would want to encrypt the transmitted email message only to the intended recipient, and the copy stored in my "Sent" folder only to myself. >> or is this an intended all-in-one >> multiple-recipient encryption which cannot conceal >> from the >> cryptanalyst the fact that the same message, >> encrypted only once, is >> being sent to more than one receiving party? > >With hidden-recipient or hidden-encrypt-to or throw-keyids, it is >clear how many keys were encrypted to, but the key IDs and user-IDs >are not present. I am not terribly comfortable with this situation. It almost seems rather creepy to me to receive an encrypted message that is also encrypted for the benefit or verification of one or more unknown and unidentified third parties. I start suspecting things like a foreign government mandated key escrow or secret government backdoor on behalf of some foreign spy or law enforcement agency. > >-- >Best regards > >MFPA <mailto:2017-r3sgs86x8e-lists-gro...@riseup.net> > >Never trust a dog with orange eyebrows -- A well regulated Militia, being necessary to the security of a free State, the right of the people to keep and bear Arms, shall not be infringed. https://www.colmena.biz/~justina/
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
