Breaking MIME concatenation
Lukas Pitschl | GPGTools
lukele at gpgtools.org
Wed May 16 21:50:52 CEST 2018
> Am 16.05.2018 um 06:21 schrieb Patrick Brunschwig <patrick at enigmail.net>:
>
> Content-Type: mutlipart/mixed; boundary="WRAPPER"
> Content-Description: Efail protection wrapper
>
> --WRAPPER
> Content-Type: text/html
>
> <!-- > <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
> <!-- '> <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
> <!-- "> <PRE style="visibility: visible; display: block; font: fixed;
> font-size: 10px;"> -->
>
> --WRAPPER
> (result of PGP/MIME decryption)
> —WRAPPER—
Looks alright so far, does the same work for inline PGP? Is there
a particular for the specific inline-styles?
In macOS Mail we will disable remote content loading completely
and prevent the user from re-enabling it for encrypted messages.
Unfortunately the chance that Apple will fix their mime parser is
probably close to none. Currently also looking if it is possible to
inject a separate web document.
Best,
Lukas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 268 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180516/45f63c29/attachment-0001.sig>
More information about the Gnupg-users
mailing list