Re: [Tails-dev] PGP MIME is insecure (for me)

This message is part of the following thread:
Mthe complete thread tree sorted by date
M\emmapeel at <-
MM 
Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
New-Topics: [Tails-dev] #8999: Claws Mail leaks cleartext of encrypted email to the IMAP server [was: Re: PGP MIME is insecure (for me)]
Subject: Re: [Tails-dev] PGP MIME is insecure (for me)
Adam Burns:
> On 04/03/2015 11:48 AM, intrigeri wrote:
>> Hi Adam,
>>
>> Adam Burns wrote (02 Apr 2015 07:10:26 GMT) :
>>> It's my understanding that the issue is the current default Claws
>>> configuration of the Drafts / Queue folders being over IMAP (and being auto-
>>> saved) when they are perhaps better local (RAM disk or persistent volume).
>>
>> Right. The easiest ways to fix the problem for real were tried
>> already, and failed => see the "PGP MIME is insecure (for me)" thread
>> on this mailing-list. Perhaps a less easy but working solution exists.
>> Let's please keep the discussion going in that other thread, otherwise
>> if it's spread over multiple threads it's going to be hard to
>> follow :)
>
> Reassigning Drafts/Queue folders to an MH local seems to be very messy,
> not (eaaily) templatable and confusing to users now with 2 mailbox
> accounts, one IMAP, one local.

Yeah, it's messy and I'd rather do without it. Unfortunately, I'm not
sure that possible. And honestly, I'm more worried about having a low
percentage of affected user that will get to know about this workaround
and apply it, than about their percentage of success while applying it
(even if it's messy).

> sajolida, I note your recent posts in Claws bugzilla
>
> http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2661
> and
> http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965
>
> Not sure there is much impetus by Claws team to act on this

Sadly...

> however, I note in
>
> http://www.webupd8.org/2014/05/claws-mail-310-released-with-auto.html
> 
> "Changes in Claws Mail 3.10:
> ...
>     Added a preference to avoid automatically drafting emails that are
> to be sent encrypted (Configuration > Preferences > Compose > Writing); "

>
> Quick tests under version *3.11.1* (in Fedora 21) show the problem to go
> away (yay!) when deselecting Preferences->Writing->Automatically save
> messge to Draft->Even if message is to be encrypted". This should be
> templatable.

That sounds interesting. I wonder why Claws mail upstream didn't mention
this on those bug tickets...

But this doesn't solve everything because: 

  - It only disables automatic saving of drafts. If you save drafts
    manually, then they are still saved in plain text on the server.
  - It doesn't affect queued messages ("Send later").


> Don't know the policy on application version bumping in Tails, but it
> appears that the easiest way forward may be to upgrade Claws to >3.10?

First of all we need stuff to be available in Debian and installable in
Tails. After a quick check on:

- https://tracker.debian.org/pkg/claws-mail

I see that two versions could be candidates: 

  - 3.10.1-2~bpo70+1 from wheezy-backports. I tested this one and it's
    easy to install on Tails and has your new option.
  - 3.11.1-3 which from jessie is not possible to install on Tails.


So we should consider installing claws-mail 3.10.1-2~bpo70+1 from
wheezy-backports.

I created a ticket for that:

- https://labs.riseup.net/code/issues/9302

And could you also check if we can document using this backport version
even if it's not in our official release, through the additional
software packages. See:

-
https://tails.boum.org/doc/first_steps/persistence/configure#additional_software
- https://labs.riseup.net/code/issues/9161#note-3

Because this could change the calendar for the advisory.

I'm also wondering why we propose IMAP by default (and not POP which
doesn't suffer from these flaws). I'm raising this point here:

- https://labs.riseup.net/code/issues/9303 

  - If we are afraid of people losing emails while doing configuration
    attempts, then we could configure POP to not remove email from the
    server by default.
  - Furthermore, doing POP over Tor must be way more comfortable than
    doing IMAP.
  - This will likely have some beneficial side effect as more people
    might configure their POP through the configuration assistant and
    avoid the persistence issue of #6263.


>> Fully agreed. I believe BitingBird has added notes to this effect on
>> an existing ticket, but I don't remember which one. BitingBird, will
>> you take it from now on, and perhaps introduce Adam to our processes
>> and tools to work on documentation?
>
> I assume BitingBird has been busy, but if there are pointers to this,
> would appreciate them to help out in more depth.

In the end I said I would work on the security advisory myself, but
first I want to make sure to understand what to write (depending on what
could be fixed or worked around and when).

Feel free to be faster than me. In such case I recommend you to dump
ideas or drafts on the ticket directly:

- https://labs.riseup.net/code/issues/9161

--
sajolida

This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] Tails contributors meeting: Sunday May 03Re: [Tails-dev] Tails contributors meeting: Sunday May 03->
lists.autistici.org administrated by postmasterLurker (version 2.3)