[Autocrypt] [openpgp-email] Efail - Possible Measures?

[Bart Butler]

> PGP/INLINE is handled only if the pgp
> data is the very first non-whitespace content, otherwise it won't be decrypted.

^ This is exactly what ProtonMail does as well.

Sent from ProtonMail, encrypted email based in Switzerland.

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On May 19, 2018 9:47 AM, Patrick Brunschwig <patrick at enigmail.net> wrote:

>
>
> In the light of the Efail vulnerability I am asking myself if it's
>
> really needed to decrypt non-regular types of emails at all. In other
>
> words, should we decrypt a multipart/encrypted MIME part at all if we
>
> detect an irregular MIME structure?
>
> If we would not decrypt irregular MIME structures, there cannot be an
>
> issue with HTML displaying. This would be a good thing, if you're an
>
> addon and you can't change the application you live in. I know that some
>
> mail clients do this already, but all those clients that are affected by
>
> Efail apparently don't.
>
> I would consider the following "regular" MIME structures:
>
> 1.  top-level MIME part is multipart/encrypted.
> 2.  an attached email (Content-Type = message/rfc822) containing a
>
>     multipart/encrypted MIME part as direct child.
>
>     Does anyone know of other relevant types of message structures?
>
>     Does anyone see a reason why NOT to do that?
>
>     -Patrick
>
>
> openpgp-email mailing list
>
> openpgp-email at enigmail.net
>
> To unsubscribe or make changes to your subscription click here:
>
> https://admin.hostpoint.ch/mailman/listinfo/openpgp-email_enigmail.net
>
> Autocrypt mailing list
>
> Post: Autocrypt at lists.mayfirst.org
>
> List info: https://lists.mayfirst.org/mailman/listinfo/autocrypt
>
> To Unsubscribe
>
> Send email to: Autocrypt-unsubscribe at lists.mayfirst.org
>
> Or visit: https://lists.mayfirst.org/mailman/options/autocrypt/bartbutler%40protonmail.ch
>
> You are subscribed as: bartbutler at protonmail.ch