Just a thought

David Shaw dshaw at jabberwocky.com
Mon Apr 27 16:23:03 CEST 2009

On Apr 27, 2009, at 7:04 AM, Harakiri wrote:

>>> I'm not sure if Enigmail has sufficient control
>> here (due to the
>>> Thunderbird restrictions), but if possible, it might
>> be wise to handle
>>> Bcc's recipients with --hidden-recipient instead
>> of --recipient (i.e.
>>> "-r").  That would better duplicate the
>> standard expectations of a
>>> user using Bcc: the regular recipients can all see who
>> the recipients
>>> are, but not the Bcc'd people.  As things stand
>> now, any recipient can
>>> see who was Bcc'd, which sort of removes the
>> "B" from the Bcc.
>> Excellent suggestion, David. Thank you.
>> Filed as an RFE in Bugzilla:
>> https://www.mozdev.org/bugs/show_bug.cgi?id=20867
> Bad idea, read my comment on the bug - what good is a setting when  
> you can only communicate with people which use GPG - and the other  
> 80% which use PGP Desktop cant decrypt your message?

I don't think I was nearly clear enough.  My thought is that since the  
current Bcc doesn't actually give you Bcc - it's essentially a Cc (non- 
blind), it might be better to --hidden-recipient those on the Bcc  
line.  Completely true that it means that PGP users can't be the Bcc  
people, but it is not at all true that it blocks all PGP users.  PGP  
quite happily ignores hidden recipients, as per the RFC (it isn't  
required to implement them, but it is required to not blow up when it  
sees them).

Sure, PGP people don't benefit from the Bcc... but they don't benefit  
now either.  At least this allows for someone to benefit, rather than  

I don't think this really lets you get rid of the warning message from  
Enigmail, though.  The user may not know if a given user is using PGP  
or GPG, and needs to be warned that a PGP user on the Bcc line won't  
be able to decrypt.


More information about the Gnupg-users mailing list