Your other points are all reasonable, and like I said, my opposition
to the feature isn't strong--but you didn't change my mind either. :)

Yes, I can see that, but it's hard to change your opinion that e-mail privacy is a lost cause in just a couple of e-mails.

Mind me asking why do you put your key ID in e-mails if you're opposed to encrypted communication?

FWIW, we've now seen from 3 mutt-dev followers that they would prefer
this code not go in... even to the point where they'd patch -R to
remove it.  That, for my money, is reason enough to not include it.

There is no code at this point and as far as I can see the "ultimate solution" of patching has been brought in context of "automatic WKD". And automatic WKD was already dismissed by Kevin in his first e-mail.

Quote from Claus Assmann:

I am disinclined to default-enable something that send http requests
out without the user fully understanding what's going on.

Agreed.

I would patch my copy of the source to not enable such code at all

End of quote.

It's actually worse, because
it leaks whom you are actually sending messages to, rather than from
whom you're receiving them...

If you're sending e-mail to u...@example.com and do a WKD query it would reveal that only to example.com. But you're sending the e-mail there so that user (or their server admins) would already know that after you send that e-mail.

Kind regards,
Wiktor

--
https://metacode.biz/@wiktor

Reply via email to