Recipient inconstistence

Tue Aug 14 12:21:01 2001

On Tue, Aug 14, 2001 at 11:09:23AM +0200, Werner Koch wrote:

> That is how it should work (modulo status output) but I am not anymore

> sure whether this is a good idea:  If you want to send to Alice and

> Bob but due to a missing key you did not encrypt it for Bob, you will

> later have to resend the message to bob.  After receiving the first

> message, Alice must assume the message was only intended for her and

> act accordingly

I'm not confinced that this is in fact sensible, by doing it you are
assuming that I'm not in some way trying to cheat or break protocol. It
is just as easy for me to encrypt lots of copies, and send them
individually, as such, the analogue of an email Bcc: line. It should
perhaps be an option on what to do with unknown recipients, I do agree
that it's possible to do the wrong thing with the current default. However
your reasoning on Alice's part is broken. If Alice does that, then she's
not acting a good part in the protocol.

MBM

-- 
Matthew Byng-Maddick         <mbm@colondot.net>           http://colondot.net/