On 2015-12-26, at 22:34, Lars Ingebrigtsen wrote:

> Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:
>
>> 4. Send an encrypted e-mail to yourself, with one To address and one
>>    Bcc address.  Read the mail received under the To address, where
>>    you should not be able to identify the Bcc recipient.
>>    Note that buffer *epg-debug* mentions that the message was
>>    encrypted to two keys (including both key IDs and e-mail
>>    addresses).  The Bcc recipient is clearly visible.
>
> [...]
>
>> On 2014-09-21 I posted some suggestions to the ding mailing list
>> concerning my package DefaultEncrypt, which contains a workaround.
>
> Would it be possible for you to create a patch for this against the
> version of Message in 25.1?

A patch is attached.  The new function mml-secure-bcc-is-safe does
nothing on its own but can be added to message-send-hook or called
from message-send and friends.

Concerning documentation: I’m currently involved in a refactoring
effort for encryption related functionality, which takes place in
the Gnus git under branch mml-refactoring.  There, Message
documentation is already extended with a section “Bcc Warning” which
could be extended.

(Also, gnus-subsetp, which is part of this patch, is already present
in the branch mml-refactoring.)

Best wishes
Jens