danger of decrypted files without integrity protection
Bernhard Reiter
bernhard at intevation.de
Thu May 17 16:30:09 CEST 2018
Am Donnerstag 17 Mai 2018 15:05:35 schrieb Greg Troxel:
> In your example, you asked a browser to render html, which has different
> norms than rendering incoming (and hence not requested by the user)
> email. Even a relatively paranoid browser with uMatrix will render
> images from different origins.
It is a detail to the questions:
* is decrypting an email manually outside of a mailer safe?
-> no - for files that potentially will call home on opening
* do webbrowsers follow external links when coming from local disk?
-> yes (in the sample)
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180517/b3746223/attachment.sig>
More information about the Gnupg-devel
mailing list