Encryption on Mailing lists sensless?

Schlacta, Christ aarcane at aarcane.org
Thu Nov 20 23:36:35 CET 2014


On Nov 20, 2014 1:58 PM, "Ingo Klöcker" <kloecker at kde.org> wrote:
>
> On Tuesday 18 November 2014 22:43:18 MFPA wrote:
> KMail encrypts an individual copy for each BCC recipient. I thought
> Thunderbird+Enigmail would also do this.
>
> Any mail client not doing this completely subverts BCC (unless
--throw-keyids
> or --hidden-recipient is used, but even throwing the key IDs still leaks
the
> number of hidden recipients).
There's nothing preventing a list server or mail client from intentionally
adding a pseudo random quantity of invalid or junk keys to the recipient
list, thus obfuscating the number of additional recipients, only providing
an upper bound to the estimate.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20141120/1c03a58c/attachment.html>


More information about the Gnupg-users mailing list