Just stumbled on the following problem.
I was sending to "Joe Simple <email@example.com>",
so mailcrypt ran it through rfc822-addresses and
I accepted this without suspecting anything and
it encrypted. Turns out it encrypted for
firstname.lastname@example.org, Joe's sibling.
So this is what I think (and it may be GPG-specific,
I have no idea how PGP works).
Because it does strip the actual email addresses
out of the To, CC, BCC lines, they should be used
with exact matching, i.e., the gpg command line
should have had "--recipient <email@example.com>",
not the substring-matching "--recipient firstname.lastname@example.org"
which allowed gpg to encrypt it for email@example.com.
In other words, the following patch for mailcrypt.el
seems to fix the problem for me (and I did verify it for
multiple addresses, too):
--- mailcrypt.el.orig 2005-04-07 10:41:20.000000000 -0400
+++ mailcrypt.el 2005-04-07 10:41:49.000000000 -0400
@@ -408,7 +408,7 @@
(defsubst mc-strip-address (addr)
"Strip everything from ADDR except the basic Email
- (car (rfc822-addresses addr)))
+ (concat "<" (car (rfc822-addresses addr)) ">"))
(defun mc-strip-addresses (addr-list)
"Strip everything from the addresses in ADDR-LIST
except the basic