https://bugs.kde.org/show_bug.cgi?id=335117
Sandro Knauß <skna...@kde.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Resolution|--- |WAITINGFORINFO Status|CONFIRMED |NEEDSINFO --- Comment #8 from Sandro Knauß <skna...@kde.org> --- Well no: See the way Kmail solves this problem of not leaking hidden information is different than eg Thunderbird does. Instead of sending one mail to everyone, as is normally done in Thunderbrd, KMail sends different mails to different recipients. One mail is encrypted for the "normal recipients (To + CC)" and sent only to them. And then, for each BCC recipient, one individual mail is created and sent, all of which are only encrypted for one single BCC recipient. So the BCC recipients DO NOT see the other keys and more importantly, the normal recipients DO NOT see the keys of the BCC recipients, as this information is sent in multiple (depending on the number of recipients and if they are To, CC or BCC) individual mails. I don't see any leakage of keys here. The hidden feature of gpg would be needed if KMail were to send only one mail to all recipients. But the way KMail solves this issue (as described above), this hidden feature is not needed. And additionally also with the -R feature the "normal recipients" would see: 'okay the mail was encrypted for additional keys' (but without knowing what these keys are). Since KMail sends two types of mail, independent of each other, no information leakage is possible. And not even the information that there are BCC recipients (ie, that there are two types of mail sent), is leaked. -- You are receiving this mail because: You are watching all bug changes.