Recipient inconsistence
David Shaw
dshaw@jabberwocky.com
Tue Aug 14 18:47:02 2001
On Tue, Aug 14, 2001 at 12:45:34PM +0200, Werner Koch wrote:
> > your reasoning on Alice's part is broken. If Alice does that, then she's
> > not acting a good part in the protocol.
>
> It is more a practical problem. She replies and obviously can't
> encrypt for Bob but the MUA may have set Bob into the CC. It takes
> some time to pass all messages then again to Bob. I have made that
> experience several times and therefore I think it might be better for
> GnuPG to fail if any recipient is not valid so that it is obvious for
> the MUA not to send the message.
I think you are correct. The user asked GnuPG to do something
(encrypt to Bob and Alice). GnuPG couldn't do this, as Bob's key is
missing. Therefore, GnuPG should fail.

Security software that tries to be too helpful concerns me - if there
is a problem, I want to know about it :)

I'm not against an option that allows GnuPG to continue and encrypt
only to Alice, but I would argue it should be disabled by default.

David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
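
Added example, not part of the message above and not GnuPG's own code: a sketch of the fail-closed recipient check the thread argues for, as an MUA-side wrapper might run it over `gpg --with-colons --list-keys` output before sending anything. The function names, the `allow_partial` switch and the sample listing (key IDs, addresses) are constructed for illustration.

```python
from email.utils import parseaddr

# Constructed `gpg --with-colons --list-keys` output; key IDs and names are made up.
SAMPLE_LISTING = """\
pub:f:2048:1:AAAAAAAAAAAAAAAA:997000000:::-:::scESC:
uid:f::::997000000::HASH1::Alice <alice@example.org>:
sub:f:2048:1:BBBBBBBBBBBBBBBB:997000000::::::e:
pub:e:1024:17:CCCCCCCCCCCCCCCC:900000000:950000000::-:::sc:
uid:e::::900000000::HASH2::Carol <carol@example.org>:
"""

UNUSABLE_VALIDITY = set("idre")  # invalid, disabled, revoked, expired


class MissingRecipientKey(Exception):
    """Encryption to the requested recipient list is not possible."""


def usable_addresses(listing):
    """Return addresses whose key is valid and usable for encryption."""
    usable, key_ok = set(), False
    for line in listing.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            # Field 12: upper-case E = whole key can encrypt, D = disabled.
            caps = f[11] if len(f) > 11 else ""
            key_ok = (f[1] not in UNUSABLE_VALIDITY
                      and "E" in caps and "D" not in caps)
        elif f[0] == "uid" and key_ok and len(f) > 9 \
                and f[1] not in UNUSABLE_VALIDITY:
            addr = parseaddr(f[9])[1].lower()  # field 10 is the user ID
            if addr:
                usable.add(addr)
    return usable


def plan_encryption(recipients, listing, allow_partial=False):
    """Return (encrypt_to, skipped); by default fail if anyone is skipped."""
    wanted = [r.lower() for r in recipients]
    have = usable_addresses(listing)
    missing = [r for r in wanted if r not in have]
    if missing and not allow_partial:
        raise MissingRecipientKey("no usable key for: " + ", ".join(missing))
    usable = [r for r in wanted if r in have]
    if not usable:
        raise MissingRecipientKey("no usable key for any recipient")
    return usable, missing
```

With the default, a missing key for Bob stops the whole operation, so the caller never sends a message that only Alice can read; `allow_partial=True` is the opt-in behaviour and returns the skipped addresses so the caller can report them.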