danger of decrypted files without integrity protection

Steffen Nurpmeso steffen at sdaoden.eu
Thu May 17 20:51:52 CEST 2018

Greg Troxel <gdt at lexort.com> wrote:
 |Bernhard Reiter <bernhard at intevation.de> writes:
 |> Am Donnerstag 17 Mai 2018 15:05:35 schrieb Greg Troxel:
 |>> In your example, you asked a browser to render html, which has different
 |>> norms than rendering incoming (and hence not requested by the user)
 |>> email.  Even a relatively paranoid browser with uMatrix will render
 |>> images from different origins.
 |> It is a detail to the questions:
 |>  * is decrypting an email manually outside of a mailer safe? 
 |>    -> no - for files that potentially will call home on opening
 |Decrypting is not the problem.  The problem is evaluating the file
 |either with a program that interprets it and does unsafe things, or that
 |is exploitable (e.g. because it is buggy, perhaps because the format is
 |too complicated).  All of these issues are also present with handling
 |files that were not recently decrypted.

Not being able to detect that injections happened because
decrypting silently succeeds because of missing i.-p. is the
problem on the S/MIME side (isn't it).

|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the Gnupg-devel mailing list