efail -> improvements (was: Efail or OpenPGP is safer than S/MIME)

Andrew Gallagher andrewg at andrewg.com
Tue May 15 10:29:45 CEST 2018

On 15 May 2018, at 07:42, Bernhard Reiter <bernhard at intevation.de> wrote:

>> Another thing we need to learn from this is that HTML elements may be a
>> privacy concern in plaintext mail, but they are a *security* concern in
>> encrypted mail.
> People clearly seem to want a way to send files with potentially active 
> elements. So in my opinion the crypto standards and backends should be 
> designed to allow this in the safest way possible

I’m not saying that active elements should be banned outright, just that they should be handled more carefully in the encrypted case than they are in plaintext. 

So for example, I could change my Thunderbird settings to display active content by default, or tbird could let me click on a handy button to load foreign images. This is reasonable UC behaviour if we are only concerned about the privacy implications.

But I would argue that it may not be reasonable if we have serious security concerns, so we may want to suppress the handy “load images” button or have a separate config setting for “display remote content in encrypted messages by default”. The point being that the context determines the measures that we may want to take. 
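
The context-dependent handling described in this message, sketched as an added example that is not part of the original post and not taken from Thunderbird or GnuPG. The preference names `remote_plaintext` and `remote_encrypted`, the attribute list and the sample HTML are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Attributes that make a client fetch a URL on render
# (illustrative subset chosen for this example, not an exhaustive list).
FETCH_ATTRS = {"src", "background", "poster", "srcset"}
REMOTE_PREFIXES = ("http://", "https://", "//")

class RemoteRefFinder(HTMLParser):
    """Collects (tag, attribute, value) for each remote fetch in an HTML body."""
    def __init__(self):
        super().__init__()
        self.refs = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            raw = (value or "").strip()
            low = raw.lower()
            fetches = name in FETCH_ATTRS or (tag == "link" and name == "href")
            if fetches and low.startswith(REMOTE_PREFIXES):
                self.refs.append((tag, name, raw))
            elif name == "style" and "url(" in low:
                self.refs.append((tag, name, raw))

def find_remote_refs(html):
    finder = RemoteRefFinder()
    finder.feed(html)
    finder.close()
    return finder.refs

def remote_content_decision(html, encrypted, prefs):
    """Return (load_remote, offer_load_button) for one message.

    prefs keys are hypothetical: 'remote_plaintext' and 'remote_encrypted'.
    """
    if not find_remote_refs(html):
        return (False, False)
    if encrypted:
        # Separate, default-off setting; the one-click button is suppressed.
        return (bool(prefs.get("remote_encrypted", False)), False)
    allowed = bool(prefs.get("remote_plaintext", False))
    return (allowed, not allowed)

# Constructed sample body containing one remote image.
SAMPLE = '<p>Hello</p><img src="https://example.invalid/pixel.png">'
```
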

