wk at gnupg.org
Wed May 16 14:42:03 CEST 2018
On Wed, 16 May 2018 10:48, oub at mat.ucm.es said:
> > On Tue, 15 May 2018 03:31, jerry at seibercom.net said:
> > My conclusion is that S/MIME is vulnerable in most clients with the
> > exception of The Bat!, Kmail, Claws, Mutt and Horde IMP. I take the
> > requirement for a user consent as non-vulnerable. Most of the
> > non-vulnerable clients use GnuPG as their engine.
[For clarity: the above quote is by me]
> Well what's about GNU emacs(+gnus/vm/rmail)? I asked in the emacs dev
> list and the default is to block external HTML images.
Well Emacs user's dont view HTML mails, right? At least I don't and use
W H to read html. That does not load any images etc.
> This client(s) is not mentioned, I presume the authors consider it as
> being too *hackerish*, but it would be worthwhile to find out that with
> the blocking I mentioned, GNU emacs is in fact not vulnerable.
They also don't mention that Outlook plugin which is used by a lot of
people including the ACLU and thus Snowden's lawyer. What I heard is
that it had sevweral flaws how it handles HTML. But they tested tools I
never heard about. BTW, why didn't they test the Volksverschlüsselung.
> BTW: RMS asked on the emacs devel list whether, and I quote,
> | If you allow a mail user agent to render HTML for you, you expose
> | yourself to various kinds of surveillance and swindles. Now, it seems,
> | one of those might be a decryption exploit.
out accounts to your box for free.
# Please read: Daniel Ellsberg - The Doomsday Machine #
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 227 bytes
Desc: not available
More information about the Gnupg-users