Breaking MIME concatenation

Lukas Pitschl | GPGTools lukele at gpgtools.org
Wed May 16 21:50:52 CEST 2018


> Am 16.05.2018 um 06:21 schrieb Patrick Brunschwig <patrick at enigmail.net>:
> 
> Content-Type: mutlipart/mixed; boundary="WRAPPER"
> Content-Description: Efail protection wrapper
> 
> --WRAPPER
> Content-Type: text/html
> 
> <!-- > <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
> <!-- '> <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
> <!-- "> <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
> 
> --WRAPPER
> (result of PGP/MIME decryption)
> —WRAPPER—

Looks alright so far, does the same work for inline PGP? Is there
a particular for the specific inline-styles?

In macOS Mail we will disable remote content loading completely
and prevent the user from re-enabling it for encrypted messages.
Unfortunately the chance that Apple will fix their mime parser is
probably close to none. Currently also looking if it is possible to
inject a separate web document.

Best,

Lukas

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 268 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180516/45f63c29/attachment-0001.sig>


More information about the Gnupg-users mailing list