Summary | encrypt email with multiple recipients with gpg |
Queue | IMP |
Queue Version | 4.0.4-RC2 |
Type | Enhancement |
State | Resolved |
Priority | 1. Low |
Owners | slusarz (at) horde (dot) org |
Requester | wmark.horde (at) hurrikane (dot) de |
Created | 09/24/2005 (7224 days ago) |
Due | |
Updated | 09/06/2017 (2859 days ago) |
Assigned | 09/29/2005 (7219 days ago) |
Resolved | 10/07/2005 (7211 days ago) |
Milestone | 4.1.0 |
Patch | No |
commit 28e2ec8a9913c8f4404fbb2e3a9de6890a696089
Author: Paul M Jones <pmjones@ciaweb.net>
Date: Wed Nov 3 15:24:00 2004 +0000
fixed
bug 2670, new links now get 'css_new' class (not 'css' normal class)git-svn-id:
https://svn.php.net/repository/pear/packages/Text_Wiki/trunk@172022
c90b9560-bf6c-de11-be94-00142212c4b1
Text/Wiki/Render/Xhtml/Wikilink.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
http://github.com/horde/horde/commit/28e2ec8a9913c8f4404fbb2e3a9de6890a696089
framework (e.g. IMP 4.0.x) version. This decision was made because 1)
it requires a version of Horde that doesn't exist yet and 2) this is
an enhancement request, not a bug (i.e. sending messages to multiple
recipients works fine now, it just works better after the changes).
Imp running.
The bug still persists in the latest FRAMEWORK snapshot.
(Latest means: 2005-10-07)
State ⇒ Resolved
IMP HEAD. please test and give feedback.
Please expect my feedback these days.
State ⇒ Feedback
gnupg documentation was not clear at all that it supported multiple
recipient encryption on the command line.
multiple recipient encryption has been implemented in Horde HEAD and
IMP HEAD. please test and give feedback.
State ⇒ Assigned
Type ⇒ Enhancement
- For every recipient individually with his/hers public key.
- For 'me' as sender, to be put in thr outgoing-folder.
This is how it should IMHO be done:
- Encrypt the email with multiple public keys of the recipients and
optionally the sender. (Verschränkte Verschlüsselung; kombinacja
kluczy publicznych.)
That (one) email goes to the recipients and as copy to my folder.
By this you get a real and authentic copy and IMP is not vulnerable to
"DOS-emails":
- Create an email to be encrypted with the largest possible attachment.
- Give it a lot of people with certificates as recipients (i.e. all
the Gentoo developers).
- Make more emails.
- Send them at once.
Now the load on server will raise quadratically: With every recipient
and every send message.
The other way it would just increase linearly with every email.
(Maybe RLIMITs of Apache will prevent this. Does max_execution_time help?)
I hope I am wrong.
to send encrypted mail to third party users without any problems for
years now.
Before anyone could read my IMP-encrypted emails I've cancelled their
further processing due to the wring encryption.
[...]
you are sending out with any message that is saved in your sent-mail
folder? Because of course those messages aren't the same.
Yes, I've always assumed original and copy will be the same - even
encrypted ones. I will check the entire process again, but the
encryption-process will be still not correct - at least due to this
fact.
State ⇒ Feedback
Priority ⇒ 1. Low
The email is encrypted with your public key and not with the
recevier's public key! (The latter were correct.) If he recevied this
email, he cannot decrypt it.
to send encrypted mail to third party users without any problems for
years now.
- Let IMP fetch the public key from public servers.
- Get the key from address-book entries (gpg will possibly complain
about you cannot trust this key, but it should work)
- Refuse to cypher this email, because you don't have the right key.
are sending out with any message that is saved in your sent-mail
folder? Because of course those messages aren't the same.
and assigned a default address book to IMP. (See
ticket #2671forlatter.)
The email should be encrypted for every of the receivers and the
sender or fail. ('And' has precedence.) ("Verschränkte
Verschlüsselung.")
State ⇒ Assigned
Priority ⇒ 3. High
State ⇒ Unconfirmed
Queue ⇒ IMP
Summary ⇒ emails not properly encrypted with gpg
Type ⇒ Bug
import your own public and private keys. (It makes no difference
whether you have any public key in your address book.)
Then, write an email to a third person and let IMP encrypt it.
Now comes the bug:
The email is encrypted with your public key and not with the
recevier's public key! (The latter were correct.) If he recevied this
email, he cannot decrypt it.
Possible resolutions:
- Let IMP fetch the public key from public servers.
- Get the key from address-book entries (gpg will possibly complain
about you cannot trust this key, but it should work)
- Refuse to cypher this email, because you don't have the right key.