diff options
Diffstat (limited to 'lisp/gnus/mml-sec.el')
| -rw-r--r-- | lisp/gnus/mml-sec.el | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el index e4c90956788..dbd31629f97 100644 --- a/lisp/gnus/mml-sec.el +++ b/lisp/gnus/mml-sec.el @@ -125,6 +125,21 @@ Whether the passphrase is cached at all is controlled by :group 'message :type 'integer) +(defcustom mml-secure-safe-bcc-list nil + "List of e-mail addresses that are safe to use in Bcc headers. +EasyPG encrypts e-mails to Bcc addresses, and the encrypted e-mail +by default identifies the used encryption keys, giving away the +Bcc'ed identities. Clearly, this contradicts the original goal of +*blind* copies. +For an academic paper explaining the problem, see URL +`http://crypto.stanford.edu/portia/papers/bb-bcc.pdf'. +Use this variable to specify e-mail addresses whose owners do not +mind if they are identifiable as recipients. This may be useful if +you use Bcc headers to encrypt e-mails to yourself." + :version "25.1" + :group 'message + :type '(repeat string)) + ;;; Configuration/helper functions (defun mml-signencrypt-style (method &optional style) @@ -275,6 +290,36 @@ Use METHOD if given. Else use `mml-secure-method' or (interactive) (mml-secure-part "smime")) +(defun mml-secure-is-encrypted-p () + "Check whether secure encrypt tag is present." + (save-excursion + (goto-char (point-min)) + (re-search-forward + (concat "^" (regexp-quote mail-header-separator) "\n" + "<#secure[^>]+encrypt") + nil t))) + +(defun mml-secure-bcc-is-safe () + "Check whether usage of Bcc is safe (or absent). +Bcc usage is safe in two cases: first, if the current message does +not contain an MML secure encrypt tag; +second, if the Bcc addresses are a subset of `mml-secure-safe-bcc-list'. +In all other cases, ask the user whether Bcc usage is safe. +Raise error if user answers no. +Note that this function does not produce a meaningful return value: +either an error is raised or not." + (when (mml-secure-is-encrypted-p) + (let ((bcc (mail-strip-quoted-names (message-fetch-field "bcc")))) + (when bcc + (let ((bcc-list (mapcar #'cadr + (mail-extract-address-components bcc t)))) + (unless (gnus-subsetp bcc-list mml-secure-safe-bcc-list) + (unless (yes-or-no-p "Message for encryption contains Bcc header.\ + This may give away all Bcc'ed identities to all recipients.\ + Are you sure that this is safe?\ + (Customize `mml-secure-safe-bcc-list' to avoid this warning.) ") + (error "Aborted")))))))) + ;; defuns that add the proper <#secure ...> tag to the top of the message body (defun mml-secure-message (method &optional modesym) (let ((mode (prin1-to-string modesym)) |