User Details
- User Since
- Mar 27 2017, 4:48 PM (398 w, 6 d)
- Availability
- Available
Jun 11 2015
Hi Werner,
now I am confused as to what I just found on Wikipedia about "Gpg4win": http://de.wikipedia.org/wiki/PGP/MIME
Quotes from that page [translated to English]:
"PGP/MIME is – just as the old PGP/INLINE – an encoding to mark an email for mail clients [as encrypted]."
"Mail clients supporting that encoding can detect if an email and its attachments are encrypted and/or signed with PGP/GnuPG."
"With PGP/MIME it's possible to encrypt all attachments along with the message which is the default behavior." And which is
also a major usability improvement.
Because other mail clients (except for e.g. Kmail and probably some others, too) do not support that encoding yet comes the
quote that puzzled me:
"Government-funded by the German agency "Bundesamt für Sicherheit in der Informationstechnik" (BSI) the software Gpg4win was
published."
I'd like you to explain why you rated that bug low and talk it down when on the other hand GPG OL - which is shipped as part
of Gpg4win - is supposed to support that encoding type?
IMO that's a very strong hint for an incomplete feature or bug.
Has it something to do with closed-source Outlook itself and that GPG OL is not able to change the "Content-Type"? In that
case rating the bug down is no right as it would never get fixed anyways.
Regards
Robert
I'm sorry but that's just a poor excuse for several reasons:
- The security issues arising from HTML mails are a totally different attack vectors.
- Your claim that HTML messages would render encryption useless is wrong unless
there's a severe bug in the encryption/decryption algorithm, that triggers a buffer
overflow when reading the message's text.
- The purpose of encryption is to hide the message content while the mail is traveling
through the web.
- Encryption has got to be independent of the encrypted contents. Otherwise, following
your logic, you should drop encryption of attached ZIP, PDF, EXE, and whatever else
files.
As I said at the end of my first comment: I'd like to fund its fixing as that bug is a
real pain when it comes to interoperability across different OS-boxes/mail clients.
Jun 10 2015
Yes, that's a confirmed workaround. However, sending HTML-Messages is important
to my business. So the bug remains.
Please find attached two encrypted mails sent via Kmail. Kmail can detect both as
PGP-encrypted even the "Inline-OpenPGP" formatted one. There must be some
critical difference to encrypted mails received from Outlook with GPG OL that
cause outlook mails not to be detected as encrypted.