Just a thought
David Shaw
dshaw at jabberwocky.com
Mon Apr 27 16:23:03 CEST 2009
On Apr 27, 2009, at 7:04 AM, Harakiri wrote:
>>> I'm not sure if Enigmail has sufficient control
>> here (due to the
>>> Thunderbird restrictions), but if possible, it might
>> be wise to handle
>>> Bcc's recipients with --hidden-recipient instead
>> of --recipient (i.e.
>>> "-r"). That would better duplicate the
>> standard expectations of a
>>> user using Bcc: the regular recipients can all see who
>> the recipients
>>> are, but not the Bcc'd people. As things stand
>> now, any recipient can
>>> see who was Bcc'd, which sort of removes the
>> "B" from the Bcc.
>>
>> Excellent suggestion, David. Thank you.
>>
>> Filed as an RFE in Bugzilla:
>> https://www.mozdev.org/bugs/show_bug.cgi?id=20867
>
> Bad idea, read my comment on the bug - what good is a setting when
> you can only communicate with people which use GPG - and the other
> 80% which use PGP Desktop cant decrypt your message?
I don't think I was nearly clear enough. My thought is that since the
current Bcc doesn't actually give you Bcc - it's essentially a Cc (non-
blind), it might be better to --hidden-recipient those on the Bcc
line. Completely true that it means that PGP users can't be the Bcc
people, but it is not at all true that it blocks all PGP users. PGP
quite happily ignores hidden recipients, as per the RFC (it isn't
required to implement them, but it is required to not blow up when it
sees them).
Sure, PGP people don't benefit from the Bcc... but they don't benefit
now either. At least this allows for someone to benefit, rather than
nobody.
I don't think this really lets you get rid of the warning message from
Enigmail, though. The user may not know if a given user is using PGP
or GPG, and needs to be warned that a PGP user on the Bcc line won't
be able to decrypt.
David
More information about the Gnupg-users
mailing list