Questions about --throw-keyids

Bjarni Runar Einarsson bre at pagekite.net
Tue Feb 14 21:14:57 CET 2017


Hi Justus, everyone,

Justus Winter <justus at g10code.com> wrote:
> 
> ... while adding another option may fix every small problem at hand, it
> creates a huge one that is even harder to fix: We have way too
> many options already.

I agree with this. Features aren't free; every extra feature and
option implies a long-term support burden and adds complexity to
the app.

Having given --throw-keyids and usability more thought, I have
come to the conclusion that for the use-cases I had in mind, I
won't use the feature at all.

Rather than generate a single encrypted e-mail with thrown keyids
and send to the entire group of recipients, it will be more user
friendly and easier to reason about (and maybe even more secure
in some cases) if I simply generate one e-mail per recipient.

This will cost more bytes on the wire, but network speeds and
disk storage have both increased many orders of magnitude faster
than the size of e-mails over the past years. If there was ever
an argument to complicate GnuPG in this way, in order to save
some bytes, that argument probably no longer applies.

Note that I don't consider it a (large enough) problem that an
e-mail to user A may "leak" the key ID of user A. As long as the
key IDs of other users in BCC are protected, I think that fulfils
the "promise" of e-mail's BCC semantics and is "good enough."

At this stage, unless --throw-keyids (et al.) has important
applications which I am unaware of *outside* the world of e-mail
and BCC, I'd be tempted to suggest the whole family of options
are a mistake and should be deprecated. ;-)

Thanks for the useful replies and discussion!

Cheers,
 - Bjarni

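Added example, not part of the original post: a small Python parser that lists the recipient key IDs an observer can read from the public-key encrypted session key (PKESK, tag 1) packets of a binary OpenPGP message, comparing the three cases discussed above (one group mail, the same mail with thrown key IDs, one mail per recipient). The helper names, the key IDs and the packet bytes are constructed for illustration; only version 3 PKESK packets are handled.

```python
import struct

def packets(data):
    """Yield (tag, body) per OpenPGP packet; stops at a streamed (partial or
    indeterminate length) packet, which can only be the trailing data packet."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                              # new-format header
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = struct.unpack(">I", data[i:i + 4])[0], i + 4
            else:
                return                              # partial body length
        else:                                       # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:
                return                              # indeterminate length
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        yield tag, data[i:i + length]
        i += length

def visible_recipients(message):
    """Key IDs in the v3 PKESK (tag 1) packets; None marks an all-zero (thrown) ID."""
    ids = []
    for tag, body in packets(message):
        if tag == 1 and len(body) >= 10 and body[0] == 3:
            ids.append(None if body[1:9] == bytes(8) else body[1:9].hex().upper())
    return ids

# Constructed sample data: dummy session-key material, not real ciphertext.
def pkesk(keyid):
    body = b"\x03" + keyid + b"\x01" + b"\x00\x08\xff"  # v3, key ID, RSA, 8-bit MPI
    return bytes([0x84, len(body)]) + body

DATA = b"\xd2\x02\x01\x00"                              # stub tag-18 packet
ALICE, BOB = bytes.fromhex("A1" * 8), bytes.fromhex("B2" * 8)
GROUP = pkesk(ALICE) + pkesk(BOB) + DATA                # one mail, all recipients
THROWN = pkesk(bytes(8)) + pkesk(bytes(8)) + DATA       # same, key IDs thrown
TO_ALICE = pkesk(ALICE) + DATA                          # one mail per recipient

if __name__ == "__main__":
    for name, msg in (("group", GROUP), ("thrown", THROWN), ("per-recipient", TO_ALICE)):
        print(name, visible_recipients(msg))
```

The function expects the binary (de-armored) message; on a real message, gpg --list-packets reports the same key ID fields.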

