Re: Announcing Astroid v0.11

Subject: Re: Announcing Astroid v0.11

Date: Sun, 04 Feb 2018 18:52:22 +0100

To:, Daniel Kahn Gillmor,


From: Gaute Hope

Daniel Kahn Gillmor writes on februar 4, 2018 16:37:
> On Sun 2018-02-04 11:46:20 +0100, Gaute Hope wrote:
>> * Always throw key-id when sending (using GMime 3)
> Can you explain this choice?  As someone who receives mail with a thrown
> key-id, and as someone who has multiple secret keys, the user experience
> of receiving encrypted mail like this is *terrible*.  (terrible to the
> point of me wanting to ask people who do this for normal mail to just
> send me mail in the clear in the future :( )
> In particular: GnuPG doesn't know which key to use, so it prompts me for
> passphrases for *all* of the secret keys i control, in succession.
> I understand the desire to reduce metadata leakage.  But if you're
> wrapping the PGP/MIME application/pgp-encrypted part in an RFC822
> message that contains a header with the person's e-mail address anyway,
> it's not clear that there has been a significant reduction of cleartext
> metadata.  So this seems like a bad tradeoff for any case where the
> recipient is explicitly specified (i.e., not in Bcc:)

Hi Daniel,

This is done to hide Bcc-recipients. As you mention 
- and you know all this, but I'll list it for the sake of discussion - 
any Bcc-recipients would be listed as GPG recipients and would thus be 
exposed (which could be critical / embarassing). Of course the number 
of anonymous recipients does not match the visible receivers with 
Bcc-recipients. As a side-note it is theoretically possible to set the GPG-recipient-key to arbitrary values independent of the actual recipients. 

There has been some discussion on the issue on #astroid, and ideally we 
should make this optionable, default off (configurable) - with a warning 
before sending when Bcc-recipients are listed and keys are not thrown. 
(Note that this would also leak meta-data, since if keys are only thrown 
when there are Bcc-recipients you have another hint that there are Bcc-recipients, see above.)

As you say, GnuPG must try all the secret keys; but many 
users use some sort of keyring to unlock their keys - in which case 
the hassle is limited to a bit extra time. I don't have any stats on 
this though!

Regards, Gaute

part-000.sig (application/pgp-signature)