Daniel Kahn Gillmor writes on februar 4, 2018 16:37:
On Sun 2018-02-04 11:46:20 +0100, Gaute Hope wrote:* Always throw key-id when sending (using GMime 3)Can you explain this choice? As someone who receives mail with a thrown key-id, and as someone who has multiple secret keys, the user experience of receiving encrypted mail like this is *terrible*. (terrible to the point of me wanting to ask people who do this for normal mail to just send me mail in the clear in the future :( ) In particular: GnuPG doesn't know which key to use, so it prompts me for passphrases for *all* of the secret keys i control, in succession. I understand the desire to reduce metadata leakage. But if you're wrapping the PGP/MIME application/pgp-encrypted part in an RFC822 message that contains a header with the person's e-mail address anyway, it's not clear that there has been a significant reduction of cleartext metadata. So this seems like a bad tradeoff for any case where the recipient is explicitly specified (i.e., not in Bcc:)
Hi Daniel,This is done to hide Bcc-recipients. As you mention - and you know all this, but I'll list it for the sake of discussion - any Bcc-recipients would be listed as GPG recipients and would thus be exposed (which could be critical / embarassing). Of course the number of anonymous recipients does not match the visible receivers with Bcc-recipients. As a side-note it is theoretically possible to set the GPG-recipient-key to arbitrary values independent of the actual recipients. There has been some discussion on the issue on #astroid, and ideally we should make this optionable, default off (configurable) - with a warning before sending when Bcc-recipients are listed and keys are not thrown. (Note that this would also leak meta-data, since if keys are only thrown when there are Bcc-recipients you have another hint that there are Bcc-recipients, see above.)
As you say, GnuPG must try all the secret keys; but many users use some sort of keyring to unlock their keys - in which case the hassle is limited to a bit extra time. I don't have any stats on this though!
Description: PGP signature
_______________________________________________ notmuch mailing list email@example.com https://notmuchmail.org/mailman/listinfo/notmuch