On Sun, Nov 24, 2013 at 9:26 AM, Moritz Bartl <[email protected]> wrote:
> ...
> Important to note here is that by default, Enigmail adds the sender to
> the recipient list -- which is useful if you want to reread sent mail,
> but it also means that any encrypted mail contains not only the
> recipient key ID (which at least some users know), but also the sender
> key ID.
>
> Adding to the pain, if you receive a PGP message without keyID and have
> multiple private keys, GPG/Enigmail will dumbly rotate through the keys,
> without taking the actual email addresses (sender/recipient pair) from
> the mail header into account. This can only be solved on Enigmail-level,
> since only Enigmail "knows" about email headers.
>
> Thank you Fabio for filing the tickets! Maybe some good will come out of
> that.

email for private communication is folly, nevertheless, it would be
useful to use these fields for mis-information. e.g. "camouflage".

by inserting incorrect software in "BEGIN PGP MESSAGE", by inserting a
different version in "X-EnigMail-Version" or "Version:" and "Comment:"
headers.

similar to the "Windows XP" mode of Tails, this camouflage would serve
to mislead potential attackers who would use this information for
targeted client side attacks.

best regards,

--
Liberationtech is public & archives are searchable on Google. Violations
of list guidelines will get you moderated:
https://mailman.stanford.edu/mailman/listinfo/liberationtech.
Unsubscribe, change to digest, or change password by emailing moderator
at [email protected].
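
The armor headers and recipient key IDs discussed in this thread are readable without any private key. The Python below is an added example, not part of the original messages and not code from Enigmail or GnuPG; it lists what an armored message exposes, and its function names and the sample message are constructed for illustration. An all-zero key ID is the "message without keyID" case mentioned in the quoted mail.

```python
import base64

def parse_armor(text):  # -> (armor headers, raw packet bytes)
    lines = [l.strip() for l in text.strip().splitlines()]
    start = lines.index("-----BEGIN PGP MESSAGE-----") + 1
    blank, end = lines.index("", start), lines.index("-----END PGP MESSAGE-----")
    headers = dict(l.split(": ", 1) for l in lines[start:blank])
    body = [l for l in lines[blank:end] if l and not l.startswith("=")]  # drop CRC line
    return headers, base64.b64decode("".join(body))

def pkesk_key_ids(data):
    """Key IDs from the leading Public-Key Encrypted Session Key packets (tag 1)."""
    ids, pos = [], 0
    while pos < len(data):
        hdr, pos = data[pos], pos + 1
        if hdr & 0x40:                       # new-format packet header
            tag, o1, pos = hdr & 0x3F, data[pos], pos + 1
            if o1 < 192:
                length = o1
            elif o1 < 224:
                length, pos = ((o1 - 192) << 8) + data[pos] + 192, pos + 1
            elif o1 == 255:
                length, pos = int.from_bytes(data[pos:pos + 4], "big"), pos + 4
            else:
                break                        # partial length: encrypted data began
        else:                                # old-format packet header
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                break                        # indeterminate length
            length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
        if tag not in (1, 3):
            break                            # session-key packets come first
        if tag == 1 and data[pos] == 3:      # v3 PKESK: version, 8-byte key ID, ...
            ids.append(data[pos + 1:pos + 9].hex().upper())
        pos += length
    return ids

def audit(text):  # what anyone handling the message learns without a private key
    headers, data = parse_armor(text)
    ids = pkesk_key_ids(data)
    return {"armor_headers": headers, "key_ids": ids, "hidden": ids.count("0" * 16)}

def sample(key_ids):  # constructed input: dummy v3 PKESK per key ID + stub tag-18 packet
    pk = b"".join(b"\x84\x0d\x03" + bytes.fromhex(k) + b"\x01\x00\x08\xaa" for k in key_ids)
    b64 = base64.b64encode(pk + b"\xd2\x02\x01\x00").decode()
    return ("-----BEGIN PGP MESSAGE-----\nVersion: GnuPG v1\nComment: constructed\n\n"
            + b64 + "\n=AAAA\n-----END PGP MESSAGE-----\n")  # =AAAA: dummy CRC line

print(audit(sample(["1122334455667788", "0000000000000000"])))
```

Running `audit()` on a copy of your own sent mail shows whether a second key ID (the encrypt-to-self key) is present alongside the recipient's.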
