Open Issues in Mailcrypt

On this page are issues that remain open with Mailcrypt. If you can answer the question/patch the bug/provide the feature, please do!

Since the release of Mailcrypt 3.5.1, bug reports and fixes have slowed down dramatically. Some have even turned out to be bugs in PGP, rather than Mailcrypt! Hopefully, we are close to a final stable release of 3.6.

In keeping (loosely) with the Linux kernel-numbering scheme, the "5" in 3.5.X denotes a development release, rather than a stable one. That's supposed to motivate developers to keep adding features and improving things wildly--so get to it! When enough time has passed, and improvements have stopped flowing, we can move to version 3.6. Perhaps we can match Pat and Jin's record--complete stability for at least three years.


Problems Operating with XEmacs

Since I don't use XEmacs (and my disk is full!) it's difficult to test Mailcrypt against it. Basically, if a bug report comes in, and a search of DejaNews turns nothing up, then it's an open question.

At the moment, no outstanding XEmacs problems are known to exist.

Mixmaster/Remailer Support

Any remailer and mixmaster users out there? testing these features is somewhat slow, due to the turnaround time in remailer-space. The following remarks have come through remailer users. It would help a lot if anyone would test these features, confirm or deny, submit patches, etc.

Anonymous Posting through Cypherpunk Remailers

One anonymous gent writes:

FYI -- The current version of Mailcrypt does *not* support anonymous posting (see the examples on (Try it -- you need to say `Anon-Post-To: ' instead of simply `Post-To: ' now.

I suggest that a quick hack to mc-rewrite-for-remailer in mc-remailer.el to account for new Subject lines and hash marks would bring mailcrypt up-to-date and functioning for anonymous posting.

Can't CC: with Mixmaster

This was submitted (along with several other reports) by Adam Beck:

As a limitation inherited from mc-3.4, there are somethings wrong with the mixmaster support. Eg. if you put:

To: foo
Cc: blah

it will complain that you can't do Cc's with mixmaster.

However I don't think this is true (at least not with the last year or so's mixmasters). Mixmaster can put arbitrary headers in (modulo what the remailer operator blocks). I only block 'From:' at, plus a couple of default things like control messages.

In-Reply-To Broken?

Another one from Adam Beck:

You hit reply in emacs, the In-Reply-To is a header with continuation (like the comments field -- leading tabs on subsequent lines because it is too long). It seems that possibly Mailcrypt mixmaster code is converting that into one line and something else is truncating it? Or maybe Mailcrypt is truncating it.

For some headers this will break threading etc.


Passwords and Duplicate Keys

Also from Adam Beck:

There is something wrong with the pgp5 mode way it prompts you for passwords. ie I have two keys with the same userid (same email address say:

        Jimmy Dean <>
and     Jimmy Dean <> (High Security)

What it does is prompt you for the passphrase of the first key alphabetically on the keyring.

mc-3.4 didn't do this, it did the right thing in this situation.

Recipients and Duplicate Keys

Here's another one from Adam Beck:

General pgp5 security risk / bug. Say I am encrypting to `Mark'. Say I have 5 Mark's on my keyring. Say that the particular Mark I am encrypting to has an email address which doesn't match his pgp key, so I type in `Mark' in the emacs status box. PGP5 will encrypt to all of the Marks!! (A risk -- one of the Marks might work for the NSA). PGP2 would have encrypted to the Mark most recently added to the keyring. Not your bug, a PGP5 bug. It might be nice if you could figure out when this will happen and warn / refuse to work on the basis that that is an ambiguous name.

Len Budney
Copyright © 1998