Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Fabio Pietrosanti (naif)
Il 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) ha scritto: Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto: I just wanted to notice that the mostly used encryption software like GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages could represent a major risk. a)

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Tomer Altman
) li...@infosecurity.ch To: liberationtech@lists.stanford.edu Sent: Monday, June 2, 2014 6:59:43 AM Subject: Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG Il 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) ha scritto: Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto: I just

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Tom O
Subject: Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG Il 4/28/14, 9:25 AM, Fabio Pietrosanti (naif) ha scritto: Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto: I just wanted to notice that the mostly used encryption software like GnuPG and Enigmail, have some privacy

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Fabio Pietrosanti (naif)
Il 6/2/14, 6:43 PM, Tomer Altman ha scritto: Can you state precisely the threat model that you are concerned about? You are right, the subject is not directly related to cryptography but to security . The threat model is better described in the ticket that has been opened to various PGP email

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-06-02 Thread Tomer Altman
, June 2, 2014 2:06:16 PM Subject: Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG Il 6/2/14, 6:43 PM, Tomer Altman ha scritto: Can you state precisely the threat model that you are concerned about? You are right, the subject is not directly related to cryptography but to security

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-04-28 Thread Fabio Pietrosanti (naif)
Il 11/24/13, 2:19 PM, Fabio Pietrosanti (naif) ha scritto: I just wanted to notice that the mostly used encryption software like GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages could represent a major risk. a) Enigmail, Thunderbird's PGP plugin, does send

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2014-04-28 Thread Griffin Boyce
And, whether it's a Thunderbird bug or an Enigmail bug, Gmail emails have a tendency to be sent (typically unencrypted) during draft autosave. So that's fun. Thunderbird makes me think of Mutt's slogan from 1995 - All email clients are terrible. This one is just less terrible. ~Griffin

[liberationtech] Cryptography Leak in Enigmail / GnuPG

2013-11-24 Thread Fabio Pietrosanti (naif)
I just wanted to notice that the mostly used encryption software like GnuPG and Enigmail, have some privacy leak that in the XKEYSCORE's ages could represent a major risk. a) Enigmail, Thunderbird's PGP plugin, does send X-Enigmail-Version: header on ALL email sent, also the unencrypted one. b)

Re: [liberationtech] Cryptography Leak in Enigmail / GnuPG

2013-11-24 Thread Moritz Bartl
On 11/24/2013 05:39 PM, Jacob Appelbaum wrote: When a user uses TorBirdy with Enigmail and Thunderbird, we disable those information leaks. We also have a mode (disabled by default due to user complaints) to remove the keyid of the recipient from the PGP encrypted message itself. Important to