Encryption on Mailing lists sensless?
kloecker at kde.org
Sat Nov 22 00:49:00 CET 2014
On Thursday 20 November 2014 14:36:35 Schlacta, Christ wrote:
> On Nov 20, 2014 1:58 PM, "Ingo Klöcker" <kloecker at kde.org> wrote:
> > On Tuesday 18 November 2014 22:43:18 MFPA wrote:
> > KMail encrypts an individual copy for each BCC recipient. I thought
> > Thunderbird+Enigmail would also do this.
> > Any mail client not doing this completely subverts BCC (unless
> > or --hidden-recipient is used, but even throwing the key IDs still leaks
> > number of hidden recipients).
> There's nothing preventing a list server or mail client from intentionally
> adding a pseudo random quantity of invalid or junk keys to the recipient
> list, thus obfuscating the number of additional recipients, only providing
> an upper bound to the estimate.
Adding additional junk keys doesn't help if the recipient (or the recipients)
expect a certain number of recipients. If the message is encrypted to more
than (expected number of recipients)+1 (for encrypt to sender) then the
recipients most likely will wonder who the other recipients are. You'll have a
hard time convincing them that the "other recipients" are just fakes to
confuse a third party intercepting the messages.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 198 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users