Questions about --throw-keyids

Bjarni Runar Einarsson bre at
Tue Feb 14 21:14:57 CET 2017

Hash: SHA1

Hi Justus, everyone,

Justus Winter <justus at> wrote:
> ... while adding another option may fix every small problem at hand, it
> creates a huge one that is even harder to fix: We have way too
> many options already.

I agree with this. Features aren't free, every extra feature and
option implies a long-term support burden and adds complexity to
the app.

Having given --throw-keyids and usability more thought, I have
come to the conclusion that for the use-cases I had in mind, I
won't use the feature at all.

Rather than generate a single encrypted e-mail with thrown keyids
and send to the entire group of recipients, it will be more user
friendly and easier to reason about (and maybe even more secure
in some cases) if I simply generate one e-mail per recipient.

This will cost more bytes on the wire, but network speeds and
disk storage have both increased many orders of magnitude faster
than the size of e-mails over the past years. If there was ever
an argument to complicate GnuPG in this way, in order to save
some bytes, that argument probably no longer applies.

Note that I don't consider it a (large enough) problem that an
e-mail to user A may "leak" the key ID of user A. As long as the
key IDs of other users in BCC are protected, I think that fulfils
the "promise" of e-mail's BCC semanitics and is "good enough."

At this stage, unless --throw-keyids (et. al) has important
applications which I am unaware of *outside* the world of e-mail
and BCC, I'd be tempted to suggest the whole family of options
are a mistake and should be deprecated. ;-)

Thanks for the useful replies and discussion!

 - Bjarni

Version: GnuPG v1


More information about the Gnupg-users mailing list