how to read sent & encrypted mails
Thu, 16 Nov 2000 15:16:51 +0900 (JST)
From: Christoph Hertel <firstname.lastname@example.org>
Subject: how to read sent & encrypted mails
Date: Wed, 15 Nov 2000 19:48:34 +0100
> Whenever I send encrypted mail, it is put in my sent-folder, too. The
> problem is, I cannot read it, since it is encrypted to the recipient.
> What should I do? Send a Bcc to myself and double-encrypt the message?
> That works (lovely mua called mutt). The mail just gets a little bigger
> (or does the size double?)
the message should only be a little bit larger because the way this is
probably done is that an extra pk encrypted session key is added to
the message (small) -- see rfc 2440 if interested.
> Does this confuse the average pgp(gpg)-user? Are there better solutions?
> Am I the first who has this problem? Can anybody give me an argument,
> why I should not double-encrypt my mail or why *only* the recipient
> should able to read a message.
1) if your secret key is compromised later and someone has access to
messages you sent via recipients, then they can read those messages if
you use "encrypt-to-self" features.
2) if you are not using the "speculative keyid" feature (see rfc 2440)
-- which you probably aren't if you are sending to users who are using
pgp (i.e. not gnupg) -- you are giving away your keyid info. not a
big deal for most situations because you're likely doing that via the
envelope and message headers, but a problem if you have disguised
those through other means.
my preference is for the mua to create two separate messages -- one
encrypted to the recipient which is sent off and one stored for later
reference (encrypted or not -- an option perhaps).
i don't know of an mua/client which will do this. perhaps the mutt
authors can be convinced to do so, if mutt doesn't already ;-)
iirc, adam back made some comments about this earlier this year after
the adk bug incident. i think those comments may have been forwarded
to some pgp list (may be email@example.com?).
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to firstname.lastname@example.org