Announcing Astroid v0.11

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sun Feb 4 10:32:47 PST 2018


On Sun 2018-02-04 18:52:22 +0100, Gaute Hope wrote:
> This is done to hide Bcc-recipients.

sure, but i'm wondering why you throw *all* keyids, instead of only the
key-ids of the bcc'ed people?

> As you say, GnuPG must try all the secret keys; but many 
> users use some sort of keyring to unlock their keys - in which case 
> the hassle is limited to a bit extra time. I don't have any stats on 
> this though!

right, but the sender can't know whether this is the case or not, i
think.

fwiw, i do agree with you that the onus is ultimately on the recipient's
MUA to fix this UI/UX disaster; but why force it on them in the case
where it doesn't actually eliminate any metadata leakage? (i.e., when
they're in To: or Cc: already, and not Bcc'ed)

      --dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 832 bytes
Desc: not available
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20180204/33b9aa4b/attachment.sig>


More information about the notmuch mailing list