
Re: mail client implementations problem? bcc and encrypting to multiple recipients



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

* L. Sassaman (rabbi@xxxxxxxxxxx) [000823 21:29]:
> > The user *will* have to decrypt multiple secret keys if such exist. Perhaps a
> > recommendation that non-encrypted keys be tried first is an idea?
> 
> I actually would like to see the default key tried first, since that makes
> more sense in my mind... but now we're in the realm of specific
> implementation methods.

True.

Giving a few notes for authors to reflect over isn't a bad thing though, is
it?

Trying to use the default key first isn't a bad idea. It's the one that's got
the better chance of being a hit. Un-encrypted keys take no time to check
however, and you can spare the user from having to enter the passphrase.

I also think that the places you'll be using speculative KeyID's are also the
places where the chances of encrypting to a key with no passphrase are
highest, as many will simply want to get the mail securely from sniffers, and
not have to decrypt every single message.

Just a thought...

> > Actually, this might be of some concern. You could effectively send an email
> > using speculative KeyID, which would make the user decrypt all his keys in
> > turn, thus providing an attacker with access to keyboard with passphrases to
> > *all* his KeyID's, including keys the user might have made to be extra secure,
> > and not for normal use (root keys etc).
> 
> You could automatically try the default key, and then give the user the
> list of keys remaining to try, and he can pick which ones.
> 
> And you can always have a "disable speculative key" option.

Both great ideas. :)

Terje
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE5pOtr8HLgLrwmRg0RAioDAJwIJM37UWRptyWZNal7LKwINL/tVgCglyih
yYncR/9JfUoXOJRvCiDsVeo=
=z859
-----END PGP SIGNATURE-----
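The thread above sketches a policy for handling a message whose session-key packets carry a speculative (all-zero) key ID: try passphrase-less keys first, then the default key, then let the user pick from whatever remains, with an option to disable speculative lookup altogether. The following Python is an added illustration of that policy as a decision procedure; it is not code from this thread or from any mail client or OpenPGP implementation. The keyring contents, key IDs and the `can_unwrap` callback are constructed stand-ins: `can_unwrap` plays the role of the real public-key operation that either recovers the session key with a given secret key or fails.

```python
"""Ordering decryption attempts for messages with speculative key IDs.

Model only: a message carries one or more public-key-encrypted session-key
(PKESK) packets, each naming a recipient key ID, or the all-zero key ID,
which OpenPGP uses to mean "speculative" / hidden recipient (no hint which
secret key applies). The goal is to bound how many passphrase prompts a
crafted message can force on the user.
"""
from dataclasses import dataclass

SPECULATIVE_KEYID = "0000000000000000"  # all-zero key ID: no recipient hint


@dataclass(frozen=True)
class SecretKey:
    keyid: str
    protected: bool          # is the secret key material passphrase-protected?
    default: bool = False    # the user's configured default key
    note: str = ""


# Constructed sample keyring; these are illustrative IDs, not real keys.
KEYRING = [
    SecretKey("1111111111111111", protected=True, default=True, note="everyday key"),
    SecretKey("2222222222222222", protected=False, note="mail-only key, no passphrase"),
    SecretKey("3333333333333333", protected=True, note="high-value key, rarely used"),
]


def plan_attempts(pkesk_keyids, keyring, allow_speculative=True):
    """Return (auto, ask): keys the client may try on its own, and keys it
    must only try when the user explicitly selects them from a list.

    Order inside `auto`: explicitly named keys, then passphrase-less keys
    (free to try), then the default key (at most one prompt). Everything
    else lands in `ask`, so a speculative message cannot walk the user
    through every passphrase on the keyring.
    """
    by_id = {k.keyid: k for k in keyring}
    auto, ask, seen = [], [], set()

    def add(target, key):
        if key.keyid not in seen:
            seen.add(key.keyid)
            target.append(key)

    # 1. Explicit key IDs are unambiguous: try those keys directly.
    for kid in pkesk_keyids:
        if kid != SPECULATIVE_KEYID and kid in by_id:
            add(auto, by_id[kid])

    # No speculative packet, or the "disable speculative key" option is set.
    if SPECULATIVE_KEYID not in pkesk_keyids or not allow_speculative:
        return auto, ask

    # 2. Cheap, prompt-free candidates first.
    for k in keyring:
        if not k.protected:
            add(auto, k)
    # 3. Then the default key, the most likely hit among protected keys.
    for k in keyring:
        if k.default:
            add(auto, k)
    # 4. Remaining protected keys only on explicit user choice.
    for k in keyring:
        add(ask, k)
    return auto, ask


def decrypt_session_key(pkesk_keyids, keyring, can_unwrap, allow_speculative=True):
    """Simulate the client's automatic attempts.

    Returns (keyid_used, passphrase_prompts). `can_unwrap(keyid)` stands in
    for the real public-key decryption and returns True when that key
    recovers a session key. Keys in the `ask` list are never tried here;
    a real client would present them to the user as a choice.
    """
    auto, _ask = plan_attempts(pkesk_keyids, keyring, allow_speculative)
    prompts = 0
    for k in auto:
        if k.protected:
            prompts += 1          # unlocking this key costs one passphrase prompt
        if can_unwrap(k.keyid):
            return k.keyid, prompts
    return None, prompts
```

With the sample keyring, a purely speculative message costs at most one passphrase prompt (the default key) and never touches the high-value key unless the user asks for it; with `allow_speculative=False` the client does not try any key at all for such a message.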