Date: Mon, 05 Feb 2018 08:33:36 +0100
From: Gaute Hope
Subject: Re: Bcc, throw-keyids, and metadata hiding [was: Re: Announcing Astroid v0.11]
To: astroidmail@googlegroups.com, Daniel Kahn Gillmor, notmuch@notmuchmail.org
Message-Id: <1517815399.2w186vjjm2.astroid@strange.none>
List-Id: "Use and development of the notmuch mail system."

Daniel Kahn Gillmor writes on February 5, 2018 2:21:
> On Sun 2018-02-04 16:18:02 -0500, Daniel Kahn Gillmor wrote:
>> Well, i guess you could limit it to two copies total: one copy is to all
>> Bcc'ed recipients, and one copy to all non-Bcc'ed recipients. you'd
>> want to make sure that you got the same Message-ID on each generated
>> copy, of course.
>>
>> That avoids even the count of the Bcc recipients going out to the
>> non-bcc folks, too, which is a nice outcome.
>
> To avoid (b), you could do one copy of the message per Bcc'ed address,
> and never throw keyids at all.
>
> This isn't an extra metadata leak, because the bcc'ed person's e-mail
> address will be put in the SMTP envelope (and, likely, in Delivered-To or
> other equivalent headers appended by the MTA).
>
> So it's N + 1 copies of the message, where N is the number of Bcc'ed
> individuals. This also removes any leak of the number of Bcc'ed
> individuals from the Bcc'ed message.

Yes; this seems like the ultimate approach to this problem, unless
it will be possible for GPG to completely hide receivers - I am guessing
this is inherently impossible?

A couple of concerns, some of them UI:

* What if one of the e-mails goes through and not the other, especially
  from a UI perspective - how do you modify and re-send just that copy
  of the e-mail?

* What if you want to reply-all to your own e-mail? In notmuch land the
  messages with the same ID will be joined together. A UI could do
  differently, but either way all the information about receivers you
  need is in different files.

Realistically; I think the approach using optional/configurable - and if
possible: custom `hidden-receivers` [0] - is much faster to implement + easier
to get right. In other words, I would very much like to see a proper
implementation of the multiple-messages approach, but unless someone
else is able to help out, I will probably go for the simpler approach at
first.

Regards, Gaute

[0] https://github.com/jstedfast/gmime/issues/45
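
The N + 1 copies scheme discussed in this thread, sketched as an added example; it is not part of the original message and is not astroid, notmuch or GMime code. The function name, the addresses and the choice to encrypt each Bcc copy only to that one Bcc'ed recipient are assumptions, and no actual encryption or sending is performed: the function only plans which copy goes to which envelope recipients and key holders.

```python
import copy
from email.message import EmailMessage
from email.utils import getaddresses, make_msgid


def split_for_bcc(draft):
    """Plan N + 1 copies: a list of (message, envelope_rcpts, encrypt_to)."""
    visible = [a for _, a in getaddresses(draft.get_all("To", []) + draft.get_all("Cc", []))]
    hidden = [a for _, a in getaddresses(draft.get_all("Bcc", []))]

    base = copy.deepcopy(draft)
    del base["Bcc"]  # the Bcc header itself never leaves the sender
    if "Message-ID" not in base:
        base["Message-ID"] = make_msgid(domain="example.org")  # constructed domain

    # Copy 0: To/Cc recipients. Their key IDs reveal nothing the headers do not,
    # so key IDs are not thrown. (A real client would usually add the sender's key.)
    copies = [(base, visible, list(visible))]

    # Copies 1..N: one per Bcc'ed address. The address is in the SMTP envelope of
    # that copy anyway, and no copy hints at how many other Bcc recipients exist.
    for addr in hidden:
        copies.append((copy.deepcopy(base), [addr], [addr]))
    return copies


def sample_draft():
    """Constructed sample message, not taken from the thread."""
    msg = EmailMessage()
    msg["From"] = "alice@example.org"
    msg["To"] = "bob@example.org"
    msg["Cc"] = "carol@example.org"
    msg["Bcc"] = "dave@example.org, erin@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("hello")
    return msg


if __name__ == "__main__":
    for message, envelope, keys in split_for_bcc(sample_draft()):
        print(message["Message-ID"], "envelope:", envelope, "encrypt to:", keys)
```

Every copy carries the same Message-ID, which is exactly what makes notmuch join them into one message, the reply-all concern raised above.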