Re: [Tails-dev] [Tails-support] PGP MIME is insecure (for me…

Delete this message

Reply to this message
Autor: Daniel Kahn Gillmor
Data:  
Dla: intrigeri, tails-dev
CC: Jeff Anderson
Temat: Re: [Tails-dev] [Tails-support] PGP MIME is insecure (for me)
On Fri 2015-02-27 06:23:17 -0500, intrigeri <intrigeri@???> wrote:
> Jeff Anderson wrote (24 Feb 2015 03:54:31 GMT) :
>> I was using Claws with PGP MIME. I am setup to use IMAP (not POP). I
>> prepared a message and set it to encrypt the content. Then I selected "Send
>> Later". The message went into the Queue folder.
> [...]
>> I worry that this is viewable on the mail server side... so I login through
>> Squirlmail web interface. I go to the Queue folder. I see the content of my
>> email and it is not encrypted.
>
> Ouch!


This sounds like a bug in Claws. has it been reported to the claws
upstream developers?

I would phrase it as "Queued mail marked for PGP/MIME encryption is not
encrypted in queue".

Have you checked the situation for messages in the draft folders as
well?

>> My solution was to switch from "PGP MIME" to "PGP Inline" for the Privacy
>> preference in the Mail Account settings.
>
> Unfortunately PGP inline has its own share of issues (lack of
> standardization, inter-operability problems, basically unusable when
> mixing different char encodings, etc.) so I'd rather avoid make it
> the default.


I agree with intrigeri here. This is a bug, and it needs to be fixed,
not worked-around.

> Is there a way to configure Claws Mail to use a different Queue
> directory, e.g. a locally stored one instead of one that's
> synchronized with the remote IMAP server? (As a beneficial
> side-effect, this would also make sending email faster :)


this seems like it would be a problematic solution for tails users in
particular. If the goal is to queue a message for sending later, and
you use IMAP, you'd like to be able to defer sending until your next
Tails session, at which point the local queue would not exist, right?
Or are we assuming the user's Claws config is in the persistence volume?

--dkg