Hi, Jeff Anderson wrote (24 Feb 2015 03:54:31 GMT) : > I was using Claws with PGP MIME. I am setup to use IMAP (not POP). I > prepared a message and set it to encrypt the content. Then I selected "Send > Later". The message went into the Queue folder. [...] > I worry that this is viewable on the mail server side... so I login through > Squirlmail web interface. I go to the Queue folder. I see the content of my > email and it is not encrypted.
Ouch! > I think the above is a security issue. It means that any system > administrator on the mail server side should be able to extract the > plaintext Body content from all my emails. Indeed. Redirecting the discussion to [email protected], then. Please drop tails-support@ from the Cc list on next replies. Jeff, do you read that list or should we keep Cc'ing you? > My solution was to switch from "PGP MIME" to "PGP Inline" for the Privacy > preference in the Mail Account settings. Unfortunately PGP inline has its own share of issues (lack of standardization, inter-operability problems, basically unusable when mixing different char encodings, etc.) so I'd rather avoid make it the default. > I am wondering if this issue is mentioned anywhere in the Tails documents > online. As I think this is a pretty big hole for those expecting to use > Claws and PGP to safely encrypt content that cannot be viewed by a 3rd > party. Indeed, at the very least we should warn users about it. But let's first try and find a nicer solution. Is there a way to configure Claws Mail to use a different Queue directory, e.g. a locally stored one instead of one that's synchronized with the remote IMAP server? (As a beneficial side-effect, this would also make sending email faster :) > I appreciate your time, Thanks a lot for the detailed report! Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list [email protected] https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to [email protected].
