Re: Mail encryption, possible problem with SEMI

[Michael Welle <mwe012008@gmx.net>]

Hello,

Kazuhiro Ito wrote:
> 
> [1  <text/plain; US-ASCII (7bit)>]
> Hi,
> 
> > In mime-edit-encrypt-pgp-mime a recipient list is calculated. A
> > to-header like 'foo bar <foo@a.b>' is therefore parsed into three
> > elements 'foo', 'bar' and 'foo@a.b', which results in three key ids
> > (depending on the contents of your key ring). Unfortunately, the key
> > ids resulting from 'foo' and 'bar' are unrelated to this mail in my
> > case (tons of different keys can be found for foo). And even the key
> > found for foo@a.b might not be the one one want to use.
> 
> Please try attached patch (not tested for S/MIME nor gpg's named
> group).
thank you for the quick response. I applied the patch and it works for
me. Over the next days I will do more testing.

Well, the trouble is that the content you sent can be decrypted by
several people, not only by the person you sent it to (if the above
bug is active). I wonder if changes to the user interface can help to
avoid that? Maybe it's a good idea to show the keys used for
encryption and let the user optionally confirm them? Maybe even if
there is a key in your key ring that matches the recipient you don't
want to use it? So manipulating the key list before encrypting and
sending the mail might be desirably? Any opinions?

Regards
hmw


-- 
biff4emacsen - A biff-like tool for (X)Emacs
http://www.c0t0d0s0.de/biff4emacsen/biff4emacsen.html
Flood - Your friendly network packet generator
http://www.c0t0d0s0.de/flood/flood.html