Author: intrigeri Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] [review][website] #9356 warn about char encoding on
OpenPGP
sajolida wrote (09 Jun 2015 14:57:28 GMT) : > Ok, so your hypothesis is that there shouldn't be problems if exchanging
> emails between two operating system or applications that default to
> UTF-8. Did I understand correctly?
That's right, this was my hypothesis. But dkg later explained that it
still might cause security problems, even if in the ideal
(non-adversarial) case, the text renders just fine.
> If we think this issue is "dangerous" or that PGP/inline should
> disappear from the cyberspace, then we might be better off stopping
> recommending Tails OpenPGP APllet as an option in the first place.
It is apparently a bit dangerous, but for many people it's the only
workable option so far, so I'm not in favour of removing it. I mean,
we allow sending passwords over plaintext HTTP connections, even if
that's dangerous.