[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mail client implementations problem? bcc and encrypting to multiple recipients



In <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@thetis.deor.org>, on 08/22/00 
   at 01:43 AM, "L. Sassaman" <rabbi@quickie.net> said:

>Why don't we make the "wild card" or "speculative" key id support a
>SHOULD? I at least want to see all the client's being able to properly
>decrypt messages that use this feature.

I don't have a problem with the speculative keyID support but it does not address the underlying problem: Implementors not understanding basic concepts of e-mail encryption. I came across the issue of KeyID leakage back in '96 and documented it at:

http://www.openpgp.net/pgpemail_5.html

Automated PGP processing can be a powerfull tool but there are complex issues involved and an application developer needs to spend the time at the design stage to do it properly.

-- 
---------------------------------------------------------------
William H. Geiger III      http://www.openpgp.net  
Geiger Consulting    

Data Security & Cryptology Consulting
Programming, Networking, Analysis
 
PGP for OS/2:               http://www.openpgp.net/pgp.html
E-Secure:                   http://www.openpgp.net/esecure.html
---------------------------------------------------------------