danger of decrypted files without integrity protection

Bernhard Reiter bernhard at intevation.de
Thu May 17 16:30:09 CEST 2018

Am Donnerstag 17 Mai 2018 15:05:35 schrieb Greg Troxel:
> In your example, you asked a browser to render html, which has different
> norms than rendering incoming (and hence not requested by the user)
> email.  Even a relatively paranoid browser with uMatrix will render
> images from different origins.

It is a detail to the questions:
 * is decrypting an email manually outside of a mailer safe? 
   -> no - for files that potentially will call home on opening
 * do webbrowsers follow external links when coming from local disk?
   -> yes (in the sample)

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180517/b3746223/attachment.sig>

More information about the Gnupg-devel mailing list