[Announce]GPGRemail v0.1 initial announcement

David Shaw dshaw@jabberwocky.com
Wed Nov 6 23:03:02 2002


On Wed, Nov 06, 2002 at 05:43:48PM +0100, Marc Mutz wrote:
Content-Description: signed data
> On Monday 04 November 2002 01:02, Paul Boehm wrote:
> <snip>
> >  * gpgremail reencrypts the mail with each recipients private key,
> >    and delivers the mail.
> >  * decrypt mail with your own private key.
> >
> > This is the first public release, so feedback of all kinds
> > (especially security related after-thoughts) are more than welcome!
> <snip>
> 
> Here we go: Do you do
> > foreach member in @members
> >	send( gpg( message, member ), member )
> or simply
> > send( gpg( message, members ), members )
> 
> Sorry for not looking at the code, but I'd suggest you do the first 
> approach, so that the messages stay smaller and - more importantly - 
> you don't leak the list of subscribers to each member.

There is also the possibility of using --throw-keyid to anonymize the
recipients.  Then you can do the latter, which allows you to benefit
from SMTP optimizations (sending mail to multiple users in at a given
domain but only transmitting it once, etc.)

The development GnuPG has much finer control over anonymous recipients
than 1.2.1.  You can turn the hiding on and off on a per-recipient
basis.

David

-- 
   David Shaw  |  dshaw@jabberwocky.com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson