On Thu, 2001-11-29 at 15:33, Jeffrey Stedfast wrote:
> THIS IS A BUG IN GPG!!!!!
> 
> gpg tells us everything went fine, so Evolution has no way of knowing
> that it didn't encrypt to all the recipients we told it to encrypt to,
> thus it's not our fault.

Yuck.  There's actually several of these bugs, probably all in GPG.

1) Mail to people with unsigned keys silently encrypts to the sender
only.
2) Signature verification of unvalidated keys shows a big success icon
(but the accompanying text warns about the problem).
3) I *think* that e-mail to people without keys also encrypts to sender
only.

Anyway, I'm a fairly intensive GPG user, so I have a few features on a
wishlist.  All of these are security-related.

A) The ability to save a passphrase for (say) 10 minutes without saving
it indefinitely.  This lets me read mail without endlessly retyping my
(really long) passphrase, but doesn't allow me to accidentally save it
when I walk away from the computer for a few hours.

B) The ability to encrypt all mail to certain addresses by default. 
There are several people to whom I should *always* encrypt my e-mail,
for security reasons.  But every once in a while, I'll forget to check
the box on the menu.  Very, very bad.

C) The option to encrypt all responses to encrypted e-mail.  If somebody
sent me something encrypted, it's presumably private.  But if Evolution
quotes the original message in my reply, and I forget to check the menu
box, I'm screwed.

I've convinced Mutt to handle case (B) and (C).  But Evolution is a much
nicer mailer than Mutt, and I'd like to be able to use it without taking
quite so many security risks.

I'm a US citizen, so I don't know if I can contribute code to this
effort.  But if it were legal for me to do so, I'd be more than happy to
help.

Thank you for all your cool PGP-hackery.

Cheers,
Eric


_______________________________________________
evolution-hackers maillist  -  [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution-hackers
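
The silent "encrypted to sender only" failure in bugs (1) and (3) can be caught by a mail client that does not rely on gpg's exit status alone. The following is an added example, not part of the original message and not Evolution or GnuPG code: it reads gpg `--status-fd` lines (`INV_RECP` from the encrypt run, `ENC_TO` from a pass over the produced ciphertext) and reports any intended recipient the message is not actually encrypted to. The addresses, key IDs and status text are constructed, and the mapping of address to encryption-subkey ID is assumed to come from the client's keyring lookup.

```python
# Added example with constructed data; not Evolution or GnuPG source code.
PREFIX = "[GNUPG:] "
ANON_KEYID = "0" * 16  # key ID reported for hidden (--throw-keyids) recipients

def parse_status(text):
    """Return (set of ENC_TO long key IDs, list of INV_RECP recipients)."""
    enc_to, invalid = set(), []
    for line in text.splitlines():
        if not line.startswith(PREFIX):
            continue  # human-readable gpg output, not a status line
        fields = line[len(PREFIX):].split()
        if len(fields) >= 2 and fields[0] == "ENC_TO":
            enc_to.add(fields[1].upper())
        elif len(fields) >= 3 and fields[0] == "INV_RECP":
            # fields[1] is the reason code (10 = key not trusted)
            invalid.append(" ".join(fields[2:]))
    return enc_to, invalid

def check_recipients(status_text, expected):
    """expected: address -> long key ID of that recipient's encryption subkey
    (assumed to be supplied by the caller). Fails closed on any mismatch."""
    enc_to, invalid = parse_status(status_text)
    missing = sorted(a for a, k in expected.items() if k.upper() not in enc_to)
    anonymous = ANON_KEYID in enc_to  # recipients cannot be confirmed
    return {
        "missing": missing,
        "rejected": invalid,
        "unverifiable": anonymous,
        "ok": not missing and not invalid and not anonymous,
    }

# Constructed sample input.
EXPECTED = {
    "sender@example.org": "1111111111111111",
    "friend@example.org": "2222222222222222",
}
SENDER_ONLY = """gpg: some human-readable line
[GNUPG:] INV_RECP 10 friend@example.org
[GNUPG:] ENC_TO 1111111111111111 16 0
"""
BOTH = """[GNUPG:] ENC_TO 1111111111111111 16 0
[GNUPG:] ENC_TO 2222222222222222 16 0
"""

if __name__ == "__main__":
    for name, text in (("sender only", SENDER_ONLY), ("both", BOTH)):
        print(name, check_recipients(text, EXPECTED))
```

A client using such a check would refuse to send when `ok` is false instead of showing success.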
