On 01/12/2018 10:13 AM, Patrick Brunschwig wrote: > On 12.01.18 14:58, Lachezar Dobrev wrote: >> 2018-01-04 19:00 GMT+02:00 Lachezar Dobrev <[email protected]>: >>> 2018-01-04 17:07 GMT+02:00 Patrick Brunschwig <[email protected]>: >>>> The question is, what is the text that is above and below the decrypted >>>> message. I try not to display the warning if the message was completely >>>> inline-PGP encrypted, but that's pretty hard to do in the message >>>> composition window (where the original message is no longer available). >>>> >>>> You could also ask your peers to install K-9 (plus OpenKeychain), or >>>> R2Mail2. Both can create and read PGP/MIME messages just fine. >>>> >>>> -Patrick >>> >>> Ahh! I think I saw something! >>> I have a signature configured in my Thunderbird Account. When >>> Thunderburd attaches it it adds -- as separator, so the footer ends up >>> like: >>> """ >>> -- >>> Lachezar Dobrev >>> etc. etc. >>> """ >>> When I disabled the signature responding to an Inline-PGP no longer >>> displays the warning. >>> >>> Thunderbird manages -- signatures by removing them from the message >>> that is being replied to before quoting it and adding the new >>> signature below the quoted (and signature-stripped) original mail. >>> Does that make sense? >>> >>> Steps to reproduce: >>> - Open account settings >>> - Put some text in the 'Signature Text' >>> - Send an encrypted mail to one's self >>> - Reply to the encrypted message >>> - Observe the warning. >> >> Is there any progress on this? > > No, I didn't look into it.
FYI I am finding the warning happens every time I respond to someone who uses Mailvelope (with gmail for example) and who has an automatic footer as described by Lachezar -- so the received email is inline PGP text, with uencrypted footer at bottom. I think the error description is really poor at communicating anything useful to the user, here is another attempt: """ The message you are replying to contained both unencrypted and encrypted parts. If the sender was not able to decrpyt some message parts originally, you may be leaking confidential information that the sender was not able to originally decrypt themselves by quoting the original message. Please consider removing all quoted text from your reply to this sender. """ -- Michael Carbone Manager of Security Education Digital Security Helpline Access Now | https://www.accessnow.org/help PGP fingerprint: D3D8 BEBF ECE8 91AC 46A7 30DE 63FC 4D26 84A7 33B4
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list [email protected] To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
