From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 8CCAB6DE020D for ; Sun, 4 Feb 2018 09:04:26 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.01 X-Spam-Level: X-Spam-Status: No, score=-0.01 tagged_above=-999 required=5 tests=[AWL=-0.010] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EclAmc6y159m for ; Sun, 4 Feb 2018 09:04:25 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id 95B6C6DE01D0 for ; Sun, 4 Feb 2018 09:04:25 -0800 (PST) Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id 02ACFF99A; Sun, 4 Feb 2018 12:04:22 -0500 (EST) Received: by fifthhorseman.net (Postfix, from userid 1000) id C188E20659; Sun, 4 Feb 2018 10:37:53 -0500 (EST) From: Daniel Kahn Gillmor To: Gaute Hope , astroidmail@googlegroups.com, notmuch@notmuchmail.org Subject: Re: Announcing Astroid v0.11 In-Reply-To: <1517741078.emojmmucvz.astroid@strange.none> References: <1517741078.emojmmucvz.astroid@strange.none> Date: Sun, 04 Feb 2018 10:37:50 -0500 Message-ID: <87y3k822b5.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.24 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 04 Feb 2018 17:04:26 -0000 --=-=-= Content-Type: text/plain Hi Gaute-- On Sun 2018-02-04 11:46:20 +0100, Gaute Hope wrote: > Astroid v0.11 has been released! Congratulations -- it's great to see this progress! :) > * Always throw key-id when sending (using GMime 3) Can you explain this choice? As someone who receives mail with a thrown key-id, and as someone who has multiple secret keys, the user experience of receiving encrypted mail like this is *terrible*. (terrible to the point of me wanting to ask people who do this for normal mail to just send me mail in the clear in the future :( ) In particular: GnuPG doesn't know which key to use, so it prompts me for passphrases for *all* of the secret keys i control, in succession. I understand the desire to reduce metadata leakage. But if you're wrapping the PGP/MIME application/pgp-encrypted part in an RFC822 message that contains a header with the person's e-mail address anyway, it's not clear that there has been a significant reduction of cleartext metadata. So this seems like a bad tradeoff for any case where the recipient is explicitly specified (i.e., not in Bcc:) Regards, --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEzicvlOwymaWlnoHjyu+ogyFnUzMFAlp3KM4ACgkQyu+ogyFn UzNT4g//YoTaRMurfw3KlYWy1w8JMKJfWx72JfvFpCQvcVtmDXbPP/aP5FvDmiTW 9ag6MAAtmZArQXJxEXez6fwPbvob9N+bBCsM/0fF58lLCrThbQXrQEz/BKmySTjJ XW561A/7XD9rLpTKXIrI8M//vYGY++KjFLYwgR38oTrSEiMD37Ll2/IoNT0bBNoE dbHtZw07TybNzwOwKs9plCELwiAdYeE9lJPXyOLNLu/+/HdWL3bxD9/tDRK3cwAw tDlyQqpTqgxSxxmMqmqHl/BNORYDIc0g+GKdxoImxmeucsCykZdiDlnsNnvq9T6X tci5aUvzswgg9jZH/B9LYqsEZmdPihPiiZ69s3hkP3zR7dnDKw/3ELgPAq8ykiuE 5Fumbx/TdeAjUCNA6oV4MkSnHCNvgNq9y+F5qXvpneaytFLLD0f40jh/Q9Hq2TaF wqnOvRsdfeb/QiStsfMh4+yeJ4h+U8DOPKf2veOvDH5O0BkT5m0lbWgo3TLhVn1P eZLCjZBkdkqL6Lca9nNs0qxiu928jCAoYX9ceIeAzEf0rnFzZ5cq8b0+yigE4EFm dElyr7u0+Y8vAwlIyM/i4x4LWAAAFsoReeQqmXWJAl3fTYXLAC49OYJz8QdIrcTx bQLD+EG5NtsKp18PMPIUXeU2ZE7R8st/zMdSBJBHbk78HGiD6PA= =XUID -----END PGP SIGNATURE----- --=-=-=--