On 01/12/2018 10:13 AM, Patrick Brunschwig wrote:
> On 12.01.18 14:58, Lachezar Dobrev wrote:
>> 2018-01-04 19:00 GMT+02:00 Lachezar Dobrev <l.dob...@gmail.com>:
>>> 2018-01-04 17:07 GMT+02:00 Patrick Brunschwig <patr...@enigmail.net>:
>>>> The question is, what is the text that is above and below the decrypted
>>>> message. I try not to display the warning if the message was completely
>>>> inline-PGP encrypted, but that's pretty hard to do in the message
>>>> composition window (where the original message is no longer available).
>>>>
>>>> You could also ask your peers to install K-9 (plus OpenKeychain), or
>>>> R2Mail2. Both can create and read PGP/MIME messages just fine.
>>>>
>>>> -Patrick
>>>
>>>   Ahh! I think I saw something!
>>>   I have a signature configured in my Thunderbird Account. When
>>> Thunderburd attaches it it adds -- as separator, so the footer ends up
>>> like:
>>> """
>>> --
>>> Lachezar Dobrev
>>> etc. etc.
>>> """
>>>   When I disabled the signature responding to an Inline-PGP no longer
>>> displays the warning.
>>>
>>>   Thunderbird manages -- signatures by removing them from the message
>>> that is being replied to before quoting it and adding the new
>>> signature below the quoted (and signature-stripped) original mail.
>>> Does that make sense?
>>>
>>>   Steps to reproduce:
>>>   - Open account settings
>>>   - Put some text in the 'Signature Text'
>>>   - Send an encrypted mail to one's self
>>>   - Reply to the encrypted message
>>>   - Observe the warning.
>>
>>   Is there any progress on this?
> 
> No, I didn't look into it.

FYI I am finding the warning happens every time I respond to someone who
uses Mailvelope (with gmail for example) and who has an automatic footer
as described by Lachezar  -- so the received email is inline PGP text,
with uencrypted footer at bottom.

I think the error description is really poor at communicating anything
useful to the user, here is another attempt:

"""
The message you are replying to contained both unencrypted and encrypted
parts. If the sender was not able to decrpyt some message parts
originally, you may be leaking confidential information that the sender
was not able to originally decrypt themselves by quoting the original
message. Please consider removing all quoted text from your reply to
this sender.
"""

-- 
Michael Carbone
Manager of Security Education
Digital Security Helpline
Access Now | https://www.accessnow.org/help

PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4


Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net

Reply via email to