Re: [Tails-dev] [review][website] #9356 warn about char enco…

Delete this message

Reply to this message
Autor: intrigeri
Data:  
Dla: The Tails public development discussion list
Temat: Re: [Tails-dev] [review][website] #9356 warn about char encoding on OpenPGP
sajolida wrote (09 Jun 2015 14:57:28 GMT) :
> Ok, so your hypothesis is that there shouldn't be problems if exchanging
> emails between two operating system or applications that default to
> UTF-8. Did I understand correctly?


That's right, this was my hypothesis. But dkg later explained that it
still might cause security problems, even if in the ideal
(non-adversarial) case, the text renders just fine.

> If we think this issue is "dangerous" or that PGP/inline should
> disappear from the cyberspace, then we might be better off stopping
> recommending Tails OpenPGP APllet as an option in the first place.


It is apparently a bit dangerous, but for many people it's the only
workable option so far, so I'm not in favour of removing it. I mean,
we allow sending passwords over plaintext HTTP connections, even if
that's dangerous.

Cheers,
--
intrigeri