efail -> improvements (was: Efail or OpenPGP is safer than S/MIME)

Bernhard Reiter bernhard at intevation.de
Tue May 15 11:45:45 CEST 2018


Am Dienstag 15 Mai 2018 10:29:45 schrieb Andrew Gallagher:
> I’m not saying that active elements should be banned outright, just that
> they should be handled more carefully in the encrypted case than they are
> in plaintext.

> so we may want to suppress the handy “load images” button or have
> a separate config setting for “display remote content in encrypted messages
> by default”. The point being that the context determines the measures that
> we may want to take.

I agree.
My point is that it is legitimate to send files with potentially active 
contents. And they are a problem even outside of an email application.
So making integrity checks a hard requirement and do not display anything
in the failed case seems a good idea to me.

Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180515/0b49d2ec/attachment.sig>


More information about the Gnupg-users mailing list