Re: Announcing Astroid v0.11

Subject: Re: Announcing Astroid v0.11

Date: Sun, 04 Feb 2018 10:37:50 -0500

To: Gaute Hope, astroidmail@googlegroups.com, notmuch@notmuchmail.org

Cc:

From: Daniel Kahn Gillmor

Hi Gaute--

On Sun 2018-02-04 11:46:20 +0100, Gaute Hope wrote:
> Astroid v0.11 has been released!

Congratulations -- it's great to see this progress! :)

> * Always throw key-id when sending (using GMime 3)

Can you explain this choice?  As someone who receives mail with a thrown
key-id, and as someone who has multiple secret keys, the user experience
of receiving encrypted mail like this is *terrible*.  (terrible to the
point of me wanting to ask people who do this for normal mail to just
send me mail in the clear in the future :( )

In particular: GnuPG doesn't know which key to use, so it prompts me for
passphrases for *all* of the secret keys i control, in succession.

I understand the desire to reduce metadata leakage.  But if you're
wrapping the PGP/MIME application/pgp-encrypted part in an RFC822
message that contains a header with the person's e-mail address anyway,
it's not clear that there has been a significant reduction of cleartext
metadata.  So this seems like a bad tradeoff for any case where the
recipient is explicitly specified (i.e., not in Bcc:)

Regards,

        --dkg
signature.asc (application/pgp-signature)
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Thread: