--- /dev/null
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id EC4CE431FD6\r
+ for <notmuch@notmuchmail.org>; Mon, 18 Nov 2013 07:52:49 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+ autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id gxq5hAkMYGOE for <notmuch@notmuchmail.org>;\r
+ Mon, 18 Nov 2013 07:52:42 -0800 (PST)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+ by olra.theworths.org (Postfix) with ESMTP id 5948D431FD4\r
+ for <notmuch@notmuchmail.org>; Mon, 18 Nov 2013 07:52:42 -0800 (PST)\r
+Received: from [192.168.2.3] (c-67-174-255-77.hsd1.ca.comcast.net\r
+ [67.174.255.77])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 99CF2F984\r
+ for <notmuch@notmuchmail.org>; Mon, 18 Nov 2013 10:52:38 -0500 (EST)\r
+Message-ID: <528A37C2.60207@fifthhorseman.net>\r
+Date: Mon, 18 Nov 2013 07:52:34 -0800\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+User-Agent: Mozilla/5.0 (X11; Linux x86_64;\r
+ rv:24.0) Gecko/20100101 Icedove/24.0\r
+MIME-Version: 1.0\r
+To: notmuch@notmuchmail.org\r
+Subject: Re: alot: can't read sent emails, after encryption\r
+References: <20131112142742.8912.57064@localhost.localdomain>\r
+ <87eh6gxeex.fsf@servo.finestructure.net> <20131117185754.31928.60825@brick>\r
+ <87pppy95lu.fsf@servo.finestructure.net> <20131118131741.4561.45898@hermes>\r
+In-Reply-To: <20131118131741.4561.45898@hermes>\r
+X-Enigmail-Version: 1.6\r
+Content-Type: multipart/signed; micalg=pgp-sha512;\r
+ protocol="application/pgp-signature";\r
+ boundary="W2A8dGq2oHINrNBDcE3ptPH32q2wlE0Ld"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+Reply-To: notmuch <notmuch@notmuchmail.org>\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Mon, 18 Nov 2013 15:52:50 -0000\r
+\r
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)\r
+--W2A8dGq2oHINrNBDcE3ptPH32q2wlE0Ld\r
+Content-Type: text/plain; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+On 11/18/2013 05:17 AM, Ruben Pollan wrote:\r
+> If I have t[w]o identities, with two different gpg keys (key1 and key2)=\r
+, and I set=20\r
+> 'encrypt-to key1' when I send emails with my identity of key2 it will a=\r
+lso=20\r
+> encrypt it with my key1 and will reveal to its receivers that I own key=\r
+1. Isn't=20\r
+> it?\r
+\r
+It won't formally *prove* that you own key1 (no one will be able to say\r
+for sure that the public key encrypted session key packet actually is\r
+decryptable by key1, it just has the 64-bit keyid embedded in the PKESK,\r
+and even if it did, it could arguably have been added as a Bcc: to\r
+another independent person), but it will certainly imply to anyone who\r
+gets more than a single message from you that there is this other key\r
+involved somehow.\r
+\r
+If you have multiple identities, there are other approaches you could\r
+take without changing alot itself, for example:\r
+\r
+You could have two separate ~/.gnupg directories, and you could launch\r
+alot differently, with "GNUPGHOME=3D~/.gnupg-key1 alot" or\r
+"GNUPGHOME=3D~/.gnupg-key2 alot" to make these responses.\r
+\r
+If you really care deeply about keeping the identities distinct, you\r
+might even want to split your notmuch dataset into two places as well,\r
+so that you don't accidentally reply from one identity to another\r
+identity's message:\r
+\r
+ NOTMUCH_CONFIG=3D~/.notmuch-config-key1 GNUPGHOME=3D~/.gnupg-key1 alot\r
+\r
+and so forth.\r
+\r
+or you could use two distinct user accounts or virtual machines so that\r
+the data as even fewer possibilities of being mixed (e.g. ensuring that\r
+the outbound SMTP path, and/or the message-IDs generated when sending\r
+each message don't share any features that might leak their common\r
+provenance).\r
+\r
+None of this is particularly convenient; maintaining separate identities\r
+that are difficult for an adversary to re-correlate is a serious challeng=\r
+e.\r
+\r
+That said, i can imagine that alot (and other notmuch frontends) could\r
+be improved to support this use case directly without forcing users to\r
+go through the extra hoops i've envisioned above.\r
+\r
+ --dkg\r
+\r
+\r
+--W2A8dGq2oHINrNBDcE3ptPH32q2wlE0Ld\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+Content-Description: OpenPGP digital signature\r
+Content-Disposition: attachment; filename="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1.4.15 (GNU/Linux)\r
+Comment: Using GnuPG with Icedove - http://www.enigmail.net/\r
+\r
+iQJ8BAEBCgBmBQJSijfCXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcqqQQAIE0f8BQTOKmShpKnjFjL9CO\r
+npCDNUvkFmSEv6kL0o62b9e/ZebXGZ1883/+HnWobKsugnRPC512f49Pfndmj1zQ\r
+vB/p8bmNV8ToMEBqgOT1dbUWBizEBtADxyzHWCHjGePKqbRdlZUXoMmP7ab9Kqol\r
+KeM1frhukUV4SEemwY16iXEUQXS4jaRYw9skS0blMIYffvoW5qAsAT6uB4HteHCx\r
+wShZZNXKfwHRcz7h1//3Th+j3HtosTFGOEck7BoWqKSZp9l1z6kXRxyFe6rVUnrR\r
+QtzZYDdjwrRe/DJdkQ45GeP0LlJBzn5jKYWoGJ2KjSSkS2VUTtsIWw1jBaqvUAJX\r
+62TN08HvMjLlh4NXkWjux0513ShKjDchD58Le5WS9eIGfk+e4SrRjrg5T8uDN3lB\r
+iMXM/jQjpoGMa6y49ls1JZjQB1usqbMpJSYLIDTklXsh4BC3paJO1b5fTSXCqvPQ\r
+vyEOMPVLsbVJDGku36NBEgM0LyxIoyh7xI2pv+c9pAZS1Y52k03pYkylbbJoLRc5\r
+4EVU8M2UUFNfnvOgGJyLa/ByF9fo6V0ET0UYtHObfIC5zvw+tCMF+6D8em4XBZw9\r
+LNxudt+2gOLFxbSOmZ/JDIOewuBNZBccspzPnRKnTF7ym/Wf6xICyCUpD1MWfRxM\r
+A3veU0E3+3W1XDRuUzRx\r
+=AP9u\r
+-----END PGP SIGNATURE-----\r
+\r
+--W2A8dGq2oHINrNBDcE3ptPH32q2wlE0Ld--\r