Re: [Tails-dev] [Tails-support] PGP MIME is insecure (for me…

Author: Jeff Anderson
Date:  
CC: tails-dev
Subject: Re: [Tails-dev] [Tails-support] PGP MIME is insecure (for me)
Hi,

I decided to follow these instructions:

=== quote ===
Brian Morrison 2014-07-15 17:14:27 CEST

The way to fix this is to create a local MH mailbox on your machine
and point the sent and queue (and any others you want) to that local
mailbox. Then your encrypted mail will not be stored on the IMAP server.

=== end quote ===

This worked very well and was easy to set up. It allows you to continue to
use "MIME" instead of "inline" PGP with Claws, and stores the Drafts or
Queue/Outbox messages locally.

I spoke with someone at Claws and they told me that this is a known issue.
It has something to do with the fact that once you encrypt a message for
the receiving party, you may not be able to decrypt it yourself. A message
in the 'drafts' folder is incomplete by definition and may need to be
re-opened by the sender in plaintext to make adjustments. So the message
cannot be fully encrypted while in the draft section.

Anyhow, the best solution is to create a local mail folder and redirect
drafts and queued messages to this. It may be a good idea to mention this
somewhere in the Tails docs, as I think most users of Tails will probably
want their emails to be encrypted prior to leaving their local box.

btw: I am now subscribed to the tails-dev list. No need to send to me
directly anymore.

Sincerely, Jeff Anderson.

On Fri, Feb 27, 2015 at 6:12 PM, Daniel Kahn Gillmor <dkg@???> wrote:

> On Fri 2015-02-27 06:23:17 -0500, intrigeri <intrigeri@???> wrote:
> > Jeff Anderson wrote (24 Feb 2015 03:54:31 GMT) :
> >> I was using Claws with PGP MIME. I am set up to use IMAP (not POP). I
> >> prepared a message and set it to encrypt the content. Then I selected
> >> "Send Later". The message went into the Queue folder.
> > [...]
> >> I worry that this is viewable on the mail server side... so I login
> >> through SquirrelMail web interface. I go to the Queue folder. I see the
> >> content of my email and it is not encrypted.
> >
> > Ouch!
>
> This sounds like a bug in Claws. Has it been reported to the Claws
> upstream developers?
>
> I would phrase it as "Queued mail marked for PGP/MIME encryption is not
> encrypted in queue".
>
> Have you checked the situation for messages in the draft folders as
> well?
>
> >> My solution was to switch from "PGP MIME" to "PGP Inline" for the
> >> Privacy preference in the Mail Account settings.
> >
> > Unfortunately PGP inline has its own share of issues (lack of
> > standardization, inter-operability problems, basically unusable when
> > mixing different char encodings, etc.) so I'd rather avoid making it
> > the default.
>
> I agree with intrigeri here. This is a bug, and it needs to be fixed,
> not worked-around.
>
> > Is there a way to configure Claws Mail to use a different Queue
> > directory, e.g. a locally stored one instead of one that's
> > synchronized with the remote IMAP server? (As a beneficial
> > side-effect, this would also make sending email faster :)
>
> This seems like it would be a problematic solution for tails users in
> particular. If the goal is to queue a message for sending later, and
> you use IMAP, you'd like to be able to defer sending until your next
> Tails session, at which point the local queue would not exist, right?
> Or are we assuming the user's Claws config is in the persistence volume?
>
>    --dkg

>
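
A check for the problem discussed in this thread, as an added example that is not part of the original messages or of Claws Mail: it classifies raw messages copied from a Queue or Drafts folder as PGP/MIME (RFC 3156 structure), inline PGP, or plaintext. The function names and sample messages are constructed for illustration, and it assumes plain RFC 5322 input without any client-specific queue headers.

```python
import email
from email import policy

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def _body(part) -> bytes:
    """Transfer-decoded payload of a leaf part (b'' if none)."""
    return part.get_payload(decode=True) or b""

def classify(raw: bytes) -> str:
    """Classify one raw RFC 5322 message: 'pgp-mime', 'pgp-inline' or 'plaintext'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    proto = str(msg.get_param("protocol") or "").lower()
    if msg.get_content_type() == "multipart/encrypted" and proto == "application/pgp-encrypted":
        parts = msg.get_payload()
        # RFC 3156: exactly two parts, a control part and the armored ciphertext.
        if (isinstance(parts, list) and len(parts) == 2
                and parts[0].get_content_type() == "application/pgp-encrypted"
                and parts[1].get_content_type() == "application/octet-stream"
                and ARMOR in _body(parts[1])):
            return "pgp-mime"
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    # Inline PGP only counts if every leaf part is armored; one clear part leaks content.
    if leaves and all(ARMOR in _body(p) for p in leaves):
        return "pgp-inline"
    return "plaintext"

def unencrypted(folder: dict) -> list:
    """Names of messages in {name: raw_bytes} that would sit readable on the server."""
    return sorted(n for n, raw in folder.items() if classify(raw) == "plaintext")

# Constructed sample messages (not taken from the thread); the armor body is not real ciphertext.
HDR = b"From: a@example.org\nTo: b@example.org\nSubject: test\nMIME-Version: 1.0\n"
BLOB = b"-----BEGIN PGP MESSAGE-----\n\nconstructed-not-real\n-----END PGP MESSAGE-----\n"
QUEUE = {
    "1": HDR + b'Content-Type: multipart/encrypted; boundary="b1";\n'
               b' protocol="application/pgp-encrypted"\n\n'
               b"--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
               b"--b1\nContent-Type: application/octet-stream\n\n" + BLOB + b"--b1--\n",
    "2": HDR + b"Content-Type: text/plain; charset=utf-8\n\nMeet at noon.\n",
    "3": HDR + b"Content-Type: text/plain; charset=utf-8\n\n" + BLOB,
    "4": HDR + b'Content-Type: multipart/mixed; boundary="b2"\n\n--b2\nContent-Type: text/plain\n\n'
               + BLOB + b"--b2\nContent-Type: text/plain\n\nclear notes\n--b2--\n",
}

if __name__ == "__main__":
    for name in sorted(QUEUE):
        print(name, classify(QUEUE[name]))
```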