mail client implementations problem? bcc and encrypting to multiple recipients
through some testing of existing mail clients, Terje Elde
<terje@xxxxxxxx>, other members of the pgp-users@xxxxxxxxxxxxxxxx
mailing list, and i have noticed that bcc-ed recipient key id
information can be leaked to non-bcc-ed recipients.

it's probably obvious what the problem is, but for the sake of clarity:

for the purposes of sending a message to a group of recipients, some
mail clients create a single encrypted message body which is sent
out to all recipients, including bcc-ed recipients.

since this means that each recipient receives a message containing a
public key encrypted session key packet for each recipient, each recipient
is able to tell who all of the recipients were (assuming no use of
speculative key ids) -- or at least all key ids.

even if speculative key ids were to be used, a recipient would likely
be able to tell that there were other recipients than those implied
in the headers of a message. also, afaik, nai pgp doesn't support
speculative key ids, so in terms of interoperability it's not a great
option at this point.

we've found 5 mail clients that suffer this problem so far, so it
seems like it may be a common implementation "choice".

[ we have also received reports that at least a couple of mail clients
actually encrypt to each recipient separately and thus do not suffer
this problem. ]
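
Added example, not part of the original message: a sender-side check that reads the public key encrypted session key packets of an outgoing binary (de-armored) OpenPGP message and reports every key id that does not belong to a To/Cc recipient, including a zeroed (speculative) one. The function names, the `pkesk` helper and the sample bytes are constructed for illustration; packet framing follows RFC 4880 section 4.2.

```python
def iter_packets(data):
    """Yield (tag, body) per OpenPGP packet (RFC 4880 sec. 4.2 headers)."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new-format header
            tag, o1 = hdr & 0x3F, data[i + 1]
            if o1 < 192:
                length, i = o1, i + 2
            elif o1 < 224:
                length, i = ((o1 - 192) << 8) + data[i + 2] + 192, i + 3
            elif o1 == 255:
                length, i = int.from_bytes(data[i + 2:i + 6], "big"), i + 6
            else:                            # partial body: streamed data, stop
                return
        else:                                # old-format header
            tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
            if ltype == 3:                   # indeterminate length, stop
                return
            n = (1, 2, 4)[ltype]
            length, i = int.from_bytes(data[i + 1:i + 1 + n], "big"), i + 1 + n
        yield tag, data[i:i + length]
        i += length

def recipient_key_ids(message):
    """Key ids from the version 3 session key packets (tag 1) of a message."""
    return [body[1:9].hex().upper() for tag, body in iter_packets(message)
            if tag == 1 and len(body) >= 10 and body[0] == 3]

def undisclosed_key_ids(message, header_key_ids):
    """Key ids in the message that do not belong to a To/Cc recipient."""
    visible = {k.upper() for k in header_key_ids}
    return [k for k in recipient_key_ids(message) if k not in visible]

def pkesk(key_id_hex, old_format=False):
    """Constructed tag 1 packet: version 3, key id, algorithm 1 (RSA), dummy MPI."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x01\x01"
    return bytes([0x84 if old_format else 0xC1, len(body)]) + body

# Constructed message: To recipient, bcc recipient, one zeroed (speculative) key id,
# then a tag 18 encrypted-data packet holding placeholder bytes.
SAMPLE = (pkesk("1111111111111111") + pkesk("2222222222222222", old_format=True)
          + pkesk("0000000000000000") + bytes([0xD2, 3]) + b"\x01\xAA\xBB")

if __name__ == "__main__":
    print(recipient_key_ids(SAMPLE))
    print(undisclosed_key_ids(SAMPLE, ["1111111111111111"]))
```

A non-empty result from `undisclosed_key_ids` means the single shared message body tells every recipient about keys beyond the To/Cc list; the zeroed entry hides which key, but still shows that another recipient exists.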