Recipient inconstistence

David Shaw dshaw at
Tue Aug 14 19:47:02 CEST 2001

On Tue, Aug 14, 2001 at 12:45:34PM +0200, Werner Koch wrote:

> > your reasoning on Alice's part is broken. If Alice does that, then she's
> > not acting a good part in the protocol.
> It is more a practical problem.  She replies and obviously can't
> encrypt for Bob but the MUA may have set Bob into the CC.  It takes
> some time to pass all messages then again to Bob.  I have made that
> experience several times and therefore I think it might be better for
> GnuPG to fail if any recipient is not valid so that it is obvious for
> the MUA not to send the message.

I think you are correct.  The user asked GnuPG to do something
(encrypt to Bob and Alice).  GnuPG couldn't do this, as Bob's key is
missing.  Therefore, GnuPG should fail.

Security software that tries to be too helpful concerns me - if there
is a problem, I want to know about it :)

I'm not against an option that allows GnuPG to continue and encrypt
only to Alice, but I would argue it should be disabled by default.


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list