GPG and BCC

p.h.delgado at xoxy.net p.h.delgado at xoxy.net
Fri Apr 11 10:37:10 CEST 2014


On 04/10/2014 04:03 PM, Nicolai Josuttis wrote:
> Recently I was reading
>    http://crypto.stanford.edu/portia/papers/bb-bcc.pdf

This article is quite misleading.

Encryption process knows nothing about the "bcc" functionality of the
e-mail system (or, indeed, any system) used to transport the generated
cipher-text. Cipher-text does, under normal MO, include the
identification of the keys of all the recipients when the message
is "encrypted for multiple recipients". While this can be circumvented, 
such practice introduces additional burden and fragility on the 
recipients and the transport system has no way of knowing it.

In short, GPG encrypted messages should never be encrypted to
multiple recipients if it is undesirable that they are able
to learn the identity of all the recipients. From that, every
recipient can learn public key and thus of the identity of all
the co-recipients. This would be the case no matter what is the
transportation system used to distribute the cipher-text. From
the e-mail system point of view, it would be the same as sending
a message to a list of bcc addresses but include the list of those
addresses in the body of the message itself.

delgado






More information about the Gnupg-users mailing list