[Announce]GPGRemail v0.1 initial announcement
David Shaw
dshaw@jabberwocky.com
Wed Nov 6 23:03:02 2002
On Wed, Nov 06, 2002 at 05:43:48PM +0100, Marc Mutz wrote:
Content-Description: signed data
> On Monday 04 November 2002 01:02, Paul Boehm wrote:
> <snip>
> > * gpgremail reencrypts the mail with each recipients private key,
> > and delivers the mail.
> > * decrypt mail with your own private key.
> >
> > This is the first public release, so feedback of all kinds
> > (especially security related after-thoughts) are more than welcome!
> <snip>
>
> Here we go: Do you do
> > foreach member in @members
> > send( gpg( message, member ), member )
> or simply
> > send( gpg( message, members ), members )
>
> Sorry for not looking at the code, but I'd suggest you do the first
> approach, so that the messages stay smaller and - more importantly -
> you don't leak the list of subscribers to each member.
There is also the possibility of using --throw-keyid to anonymize the
recipients. Then you can do the latter, which allows you to benefit
from SMTP optimizations (sending mail to multiple users in at a given
domain but only transmitting it once, etc.)
The development GnuPG has much finer control over anonymous recipients
than 1.2.1. You can turn the hiding on and off on a per-recipient
basis.
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson