efail -> improvements (was: Efail or OpenPGP is safer than S/MIME)
bernhard at intevation.de
Tue May 15 11:45:45 CEST 2018
Am Dienstag 15 Mai 2018 10:29:45 schrieb Andrew Gallagher:
> I’m not saying that active elements should be banned outright, just that
> they should be handled more carefully in the encrypted case than they are
> in plaintext.
> so we may want to suppress the handy “load images” button or have
> a separate config setting for “display remote content in encrypted messages
> by default”. The point being that the context determines the measures that
> we may want to take.
My point is that it is legitimate to send files with potentially active
contents. And they are a problem even outside of an email application.
So making integrity checks a hard requirement and do not display anything
in the failed case seems a good idea to me.
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: This is a digitally signed message part.
More information about the Gnupg-users