
Re: mail client implementations problem? bcc and encrypting to multiple recipients



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 23 Aug 2000, Terje Elde wrote:

> The user *will* have to decrypt multiple secret keys if such exist. Perhaps a
> recommendation that non-encrypted keys be tried first is an idea?

I actually would like to see the default key tried first, since that makes
more sense in my mind... but now we're in the realm of specific
implementation methods.
 
> Actually, this might be of some concern. You could effectively send an email
> using speculative KeyID, which would make the user decrypt all his keys in
> turn, thus providing an attacker with access to keyboard with passphrases to
> *all* his KeyIDs, including keys the user might have made to be extra secure,
> and not for normal use (root keys etc).

You could automatically try the default key, and then give the user the
list of keys remaining to try, and he can pick which ones.

And you can always have a "disable speculative key" option.


- --Len.

__

L. Sassaman

Security Architect             |  "We all want many things,      
Technology Consultant          |   but some of those are bottomly
                               |   destructive of all desires."
http://sion.quickie.net        |               --Vernor Vinge

-----BEGIN PGP SIGNATURE-----
Comment: OpenPGP Encrypted Email Preferred.

iD8DBQE5pCYDPYrxsgmsCmoRAvhKAKDGEWEVEeWa00nrTys363LLzaKF5gCg0djj
ZaHNWk3gnGwfDfj4dYPaWos=
=GUWm
-----END PGP SIGNATURE-----
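
The key-trial policy discussed in this message, sketched as an added example that is not part of the original post or of any mail client's code. It assumes the OpenPGP convention that a speculative key ID is all zeros; the names `SecretKey`, `TrialPlan` and `plan_key_trials` and the key IDs in the test data are hypothetical.

```python
from dataclasses import dataclass, field

# OpenPGP uses a key ID of all zeros as the "speculative" (wildcard) key ID.
WILDCARD_KEY_ID = "0000000000000000"


@dataclass(frozen=True)
class SecretKey:
    key_id: str               # 16 hex digits, constructed values in this example
    is_default: bool = False  # the user's configured default key


@dataclass
class TrialPlan:
    auto_try: list = field(default_factory=list)       # unlocked without asking
    offer_to_user: list = field(default_factory=list)  # tried only if the user picks them


def plan_key_trials(recipient_key_ids, keyring, allow_speculative=True):
    """Decide which secret keys may be unlocked for one encrypted message.

    recipient_key_ids: key IDs from the message's session-key packets.
    keyring: the user's SecretKey objects.
    allow_speculative: the "disable speculative key" option; False means a
    wildcard key ID never triggers a passphrase prompt.
    """
    by_id = {k.key_id: k for k in keyring}
    plan = TrialPlan()

    # A named key ID can only cause a prompt for the one key it names.
    for kid in recipient_key_ids:
        if kid != WILDCARD_KEY_ID and kid in by_id and kid not in plan.auto_try:
            plan.auto_try.append(kid)

    # A wildcard key ID: try the default key automatically, then list the
    # rest for the user to choose from, so rarely used keys (root keys etc.)
    # are never unlocked just because a message arrived.
    if WILDCARD_KEY_ID in recipient_key_ids and allow_speculative:
        for key in keyring:
            if key.key_id in plan.auto_try:
                continue
            if key.is_default:
                plan.auto_try.append(key.key_id)
            else:
                plan.offer_to_user.append(key.key_id)
    return plan
```
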