farhanible at gmail.com
Wed May 16 15:49:25 CEST 2018
Oh man.. check a few of the previous list emails on this subject. They're
On Wed, May 16, 2018 at 3:04 AM, eira wahlin <panina at nonbinary.me> wrote:
> I've been looking at a vulnerability in mail clients using pgp, described
> at efail.de. It is a technique where an attacker would inject a HTML IMG
> tag in an email, enveloping the encrypted text. This would send the
> cleartext message to the server inticated in the IMG tag.
> To me, it seems that this attack would be defeated by signing the
> encrypted message, which (to my knowledge) most email clients does by
> Am I missing something here? How do clients generally handle partially
> signed messages? Would they decrypt an encrypted message, if it would be
> enveloped in a cleartext IMG tag?
> Panina, malmö, sweden
> Sent from my Android device with K-9 Mail. Please excuse my brevity.
> Gnupg-users mailing list
> Gnupg-users at gnupg.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users