[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: mail client implementations problem? bcc and encrypting to multiple recipients

To: "William H. Geiger III" <whgiii@xxxxxxxxxxx>
Subject: Re: mail client implementations problem? bcc and encrypting to multiple recipients
From: "L. Sassaman" <rabbi@xxxxxxxxxxx>
Date: Tue, 22 Aug 2000 12:44:57 -0700 (PDT)
Cc: sen_ml@xxxxxxxxxxx, ietf-openpgp@xxxxxxx, Terje Elde <terje@xxxxxxxx>
In-reply-to: <>
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Your point is valid, but in some cases requires that the authors of the
email programs do The Right Thing as well as the authors of the OpenPGP
program/plugin. (For instance, I don't believe that the PGP Outlook plugin
could be written in such a way that multiple single recipient messages
were sent out. That's an Outlook limitation.)

The speculative key-id feature would be something over which the OpenPGP
implementors could have full control (in just about all cases).


- --Len.

On Tue, 22 Aug 2000, William H. Geiger III wrote:

> In <Pine.LNX.4.21.QNWS_2.0008220041440.2335-100000@xxxxxxxxxxxxxxx>, on 08/22/00 
>    at 01:43 AM, "L. Sassaman" <rabbi@xxxxxxxxxxx> said:
> 
> >Why don't we make the "wild card" or "speculative" key id support a
> >SHOULD? I at least want to see all the client's being able to properly
> >decrypt messages that use this feature.
> 
> I don't have a problem with the speculative keyID support but it does not address the underlying problem: Implementors not understanding basic concepts of e-mail encryption. I came across the issue of KeyID leakage back in '96 and documented it at:
> 
> http://www.openpgp.net/pgpemail_5.html
> 
> Automated PGP processing can be a powerfull tool but there are complex issues involved and an application developer needs to spend the time at the design stage to do it properly.
> 
> -- 
> ---------------------------------------------------------------
> William H. Geiger III      http://www.openpgp.net  
> Geiger Consulting    
> 
> Data Security & Cryptology Consulting
> Programming, Networking, Analysis
>  
> PGP for OS/2:               http://www.openpgp.net/pgp.html
> E-Secure:                   http://www.openpgp.net/esecure.html
> ---------------------------------------------------------------
> 

__

L. Sassaman

Security Architect             |  "We all want many things,      
Technology Consultant          |   but some of those are bottomly
                               |   destructive of all desires."
http://sion.quickie.net        |               --Vernor Vinge

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5otg/PYrxsgmsCmoRAqb+AKDmykHO1lauFw7QdpX+1j2leKQfngCg9vYu
Vmaa8f8K1Y34rmcOv+BM1Us=
=82Ar
-----END PGP SIGNATURE-----

References:
- Re: mail client implementations problem? bcc and encrypting to multiple recipients
  - From: William H. Geiger III

Prev by Date: Re: mail client implementations problem? bcc and encrypting to multiple recipients
Next by Date: Re: mail client implementations problem? bcc and encrypting to multiple recipients
Previous by thread: Re: mail client implementations problem? bcc and encrypting to multiple recipients
Next by thread: Re: mail client implementations problem? bcc and encrypting to multiple recipients
Index(es):
- Date
- Thread