[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: mail client implementations problem? bcc and encrypting to multiple recipients
In <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@xxxxxxxxxxxxxxx>, on 08/22/00
at 01:43 AM, "L. Sassaman" <rabbi@xxxxxxxxxxx> said:
>Why don't we make the "wild card" or "speculative" key id support a
>SHOULD? I at least want to see all the client's being able to properly
>decrypt messages that use this feature.
I don't have a problem with the speculative keyID support but it does not address the underlying problem: Implementors not understanding basic concepts of e-mail encryption. I came across the issue of KeyID leakage back in '96 and documented it at:
http://www.openpgp.net/pgpemail_5.html
Automated PGP processing can be a powerfull tool but there are complex issues involved and an application developer needs to spend the time at the design stage to do it properly.
--
---------------------------------------------------------------
William H. Geiger III http://www.openpgp.net
Geiger Consulting
Data Security & Cryptology Consulting
Programming, Networking, Analysis
PGP for OS/2: http://www.openpgp.net/pgp.html
E-Secure: http://www.openpgp.net/esecure.html
---------------------------------------------------------------