On Sun, Oct 16, 2016 at 10:08 AM, Jim <jimmy...@copper.net> wrote:

> ban...@openmailbox.org wrote:
>> For security its recommended to compose messages outside the e-mail
>> client. There were at least two incidents where plaintext was leaked (claws
>> mail saving drafts unencrypted and Enigmail sending unencrypted messages).
> Would you post links about these incidents?  (My google-fu may be a
> little weak, assuming these are recent incidents.)
I may be remembering the wrong incident, but I thought the Engimail issue
was (arguably) a little less serious than that - it was sending certain
headers unencrypted, so whilst the content was still encrypted there was
additional metadata available for analysis. Not great for sure, but a
little lower on the scale than described (and if that bug were still
present, composing in a text editor still wouldn't help). Might be some
other bug though?

The claws thing was bug 2965 -
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965 -
when sending a mail, the unencrypted version was written to the Queue
folder (and written to the server via IMAP) before being encrypted and sent.

I recall seeing something similar and less MUA specific as well, again
relating to the fact that drafts were being saved to the server, can't
remember where I saw that but here's an OS X specific one -

Ben Tasker
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to

Reply via email to