Date: Mon, 18 Aug 2014 08:28:33 +0200 From: Noel Kuntze <noel@...ilie-kuntze.de> To: oss-security@...ts.openwall.com Subject: Re: Enigmail warning -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello Henri, I'm using Thunderbird 31.0 with Enigmail 1.7 and can't reproduce that issue. I'm on Arch Linux, what OS are you using? Also, please state any specialties. Regards, Noel Kuntze GPG Key id: 0x63EC6658 Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658 Am 18.08.2014 um 08:22 schrieb Henri Salo: > Please read: http://sourceforge.net/p/enigmail/forum/support/thread/3e7268a4/ > > Quote from thread below: > > Enigmail 1.7 is completely broken for my purposes. > > Steps to reproduce the problem: > > 1) Write an email in TB. > 2) Ensure "Force encryption" in Enigmail. > 3) Ensure "Force signing" in Enigmail. > 4) Recheck encryption and signing settings... OK. > 5) Send the email. > 6) Look at the received email. OOPS. It is NOT signed and NOT encrypted. > > Sorry to say this so directly, but an encryption system, which CONFIRMS > to the user in it's graphical user interface on two different places > that it will encrypt AND THEN SENDS THE EMAIL WITHOUT ANY ENCRYPTION IN > PLAIN TEXT ... is just the BIGGEST IMAGINABLE CATASTROPHE. > > Sorry for my profane language but there is simply no excuse for such > bullshit. > > I am currently preparing a crypto class for journalists next week to > teach them how to use safe email. > > HOW am I going to explain that? A system tells the user in a separate > window as well as in a menu line that everything will be encrypted but > then it simply FORGOT to ENCRYPT and, ooops, their report will be > intercepted and their source will be tortured ? > > Ok...let's see....maybe there is some magic incompatibility with the TB > or OS version or the specific configuration I used or whatever... As a > computer scientist I can imagine many bug-explanations. > > Good that I am just a computer scientist. As a serious user (dissident, > whistle-blower, diplomatic or military user) I would now be waiting for > the bad guys come and get me with their water-board. > > Still as a computer scientist I need an answer to which system I will > teach in my class next week. Command-line PGP ?!? > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBAgAGBQJT8Z0PAAoJEDg5KY9j7GZYXlQP/Rp2rcj0Tybu56WuVl8UVQtO 65c5XE09o0A7WEAnt71i0aWxydl7rGMweU0vNcsP3UZ/aYRDkR3SwtX2lq+z3AE3 7i3vhsj45P20l1+fWieiL8inyxDMEgOtCX00vTQIIFoNxkTdfiMZC1qwWwRRVksL a/WYxafEHt0a91AanhrUvMpgIp8kXH2e0XPCfgFafcm2iKHkmuLU9wSe2AsFXZtd 39Y526EvPiYtCY2uxD85Rh9pYMRTecDcpewqnCzhDbMT02qI5DFRINBgtUOCQsPI eHZyORKe88cw1u/u7bMbO4IYjUWWFrPWl8Jiy1CoFQJMkm/W5JQw1yavIMCVBW6M mNb+oH6wL5N6vClvB7o7+nStbHY3i7qt3BVwusOMK3I8+tcIS2NONB1DdZgQnESh s9QAQ3tXvwZC/GWxZ//qwd+/6yiidVCRPBv0al4uHkZB2C/TmxIpjSWAHDF0eHSG 0RoR34DhLXVJF31Gmz7fmUAy5sLd05d0UoHaAB8eErazOvxRqy8Xh3bWZQUPVb+p LpVPj/ZvRllTiVi/OPpvzSm82cWy+6MJTZDnswZC6cO/iW5VL9hf2X3OcKt7mWOF yykejM9KxjpUIP2HaBvjgA84e5mcwE6QO7kwI7fVQ5GDHykrAKOE14WjcALK/W6y OEGJe5cXbEt6WV53JAKV =z7+c -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ