+(defun mml-secure-is-encrypted-p ()
+ "Check whether secure encrypt tag is present."
+ (save-excursion
+ (goto-char (point-min))
+ (re-search-forward
+ (concat "^" (regexp-quote mail-header-separator) "\n"
+ "<#secure[^>]+encrypt")
+ nil t)))
+
+(defun mml-secure-bcc-is-safe ()
+ "Check whether usage of Bcc is safe (or absent).
+Bcc usage is safe in two cases: first, if the current message does
+not contain an MML secure encrypt tag;
+second, if the Bcc addresses are a subset of `mml-secure-safe-bcc-list'.
+In all other cases, ask the user whether Bcc usage is safe.
+Raise error if user answers no.
+Note that this function does not produce a meaningful return value:
+either an error is raised or not."
+ (when (mml-secure-is-encrypted-p)
+ (let ((bcc (mail-strip-quoted-names (message-fetch-field "bcc"))))
+ (when bcc
+ ;; Split recipients at "," boundary, omit empty strings (t),
+ ;; and strip whitespace.
+ (let ((bcc-list (split-string bcc "," t "\\s-+")))
+ (unless (gnus-subsetp bcc-list mml-secure-safe-bcc-list)
+ (unless (yes-or-no-p "Message for encryption contains Bcc header.\
+ This may give away all Bcc'ed identities to all recipients.\
+ Are you sure that this is safe?\
+ (Customize `mml-secure-safe-bcc-list' to avoid this warning.) ")
+ (error "Aborted"))))))))
+