(Also cross-posting to Autocrypt)

Patrick Brunschwig([email protected])@Sat, May 19, 2018 at 06:47:08PM +0200:
> In the light of the Efail vulnerability I am asking myself if it's
> really needed to decrypt non-regular types of emails at all. In other
> words, should we decrypt a multipart/encrypted MIME part at all if we
> detect an irregular MIME structure?

I used to parse stuff in a generic way in K-9 Mail at first, but changed it
later (mid 2016?) to show decrypted data only in known MIME structures.
I planned to add support for other things as they came up, but so far I haven't
received feedback about any incompatibilities.

> 1. top-level MIME part is multipart/encrypted.

This is the only MIME structure I handle; any other PGP/MIME structure will show
up as an attachment. When displaying a decrypted mail, the decrypted payload is
displayed like a normal message would be. PGP/INLINE is handled only if the PGP
data is the very first non-whitespace content; otherwise it won't be decrypted.

If there are MIME parts outside the encrypted payload, they are displayed as
"unprotected attachments" that require an extra click to open. For the case of
text/plain parts following the encrypted part, those are shown as "Unsigned
Text" at the bottom and displayed in a text-only widget, nicely covering the use
case of mailing list footers:

https://matrix.org/_matrix/media/v1/download/stratum0.org/cKjeJctipgVjBEXIMvrqLlJL

> 2. an attached email (Content-Type = message/rfc822) containing a
> multipart/encrypted MIME part as direct child.

I don't handle this. Does it come up for you?

 - V

PS: Randomly signing this message.

Attachment: signature.asc
Description: PGP signature
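
The display policy described in this message, as an added example in Python (not K-9 Mail's code and not part of the original message): decryption is attempted only for a top-level multipart/encrypted part or for PGP/INLINE armor that is the first non-whitespace content. The function names, action labels and sample messages are constructed for illustration, and placing trailing parts beside the encrypted part in a multipart/mixed container is an assumption about the layout.

```python
from email import message_from_string

ARMOR = "-----BEGIN PGP MESSAGE-----"

def is_pgp_mime(part):
    """True only for a well-formed RFC 3156 multipart/encrypted container."""
    if part.get_content_type() != "multipart/encrypted" or not part.is_multipart():
        return False
    if (part.get_param("protocol") or "").lower() != "application/pgp-encrypted":
        return False
    kids = [k.get_content_type() for k in part.get_payload()]
    return kids == ["application/pgp-encrypted", "application/octet-stream"]

def plan(raw):
    """Return [(action, content_type)]; only 'decrypt*' actions would reach OpenPGP."""
    msg = message_from_string(raw)
    if is_pgp_mime(msg):  # top-level multipart/encrypted
        return [("decrypt", "multipart/encrypted")]
    if msg.get_content_type() == "text/plain" and not msg.is_multipart():
        body = msg.get_payload(decode=True).decode("utf-8", "replace")
        inline = body.lstrip().startswith(ARMOR)  # armor must be the first content
        return [("decrypt-inline" if inline else "show", "text/plain")]
    kids = msg.get_payload() if msg.is_multipart() else []
    # Assumption: trailing parts sit beside the encrypted part in multipart/mixed.
    if msg.get_content_type() == "multipart/mixed" and kids and is_pgp_mime(kids[0]):
        rest = [k.get_content_type() for k in kids[1:]]
        return [("decrypt", "multipart/encrypted")] + [
            ("unsigned-text" if ct == "text/plain" else "unprotected-attachment", ct)
            for ct in rest]
    # Any other placement (e.g. inside message/rfc822) is never decrypted.
    found = [p for p in msg.walk() if p.get_content_type() == "multipart/encrypted"]
    return [("attachment", "multipart/encrypted")] * len(found) or [
        ("show", msg.get_content_type())]

# Constructed sample messages (placeholder bodies, not real ciphertext).
ENC = ('Content-Type: multipart/encrypted; protocol="application/pgp-encrypted";'
       ' boundary="b"\n\n--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n'
       '--b\nContent-Type: application/octet-stream\n\n' + ARMOR + '\n...\n--b--\n')
MIXED = 'Content-Type: multipart/mixed; boundary="m"\n\n--m\n'
FOOTER = MIXED + ENC + '--m\nContent-Type: text/plain\n\nlist footer\n--m--\n'
FORWARD = MIXED + 'Content-Type: message/rfc822\n\n' + ENC + '--m--\n'
INLINE_LATE = 'Content-Type: text/plain\n\nhello\n' + ARMOR + '\n...\n'
INLINE_FIRST = 'Content-Type: text/plain\n\n  \n' + ARMOR + '\n...\n'

if __name__ == "__main__":
    for name in ("ENC", "FOOTER", "FORWARD", "INLINE_LATE", "INLINE_FIRST"):
        print(name, plan(globals()[name]))
```
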
