Author: intrigeri Date: To: tails-dev CC: User support for Tails, Jeff Anderson Subject: Re: [Tails-dev] [Tails-support] PGP MIME is insecure (for me)
Hi,
Jeff Anderson wrote (24 Feb 2015 03:54:31 GMT) : > I was using Claws with PGP MIME. I am setup to use IMAP (not POP). I
> prepared a message and set it to encrypt the content. Then I selected "Send
> Later". The message went into the Queue folder. [...] > I worry that this is viewable on the mail server side... so I login through
> Squirlmail web interface. I go to the Queue folder. I see the content of my
> email and it is not encrypted.
Ouch!
> I think the above is a security issue. It means that any system
> administrator on the mail server side should be able to extract the
> plaintext Body content from all my emails.
Indeed. Redirecting the discussion to tails-dev@???, then.
Please drop tails-support@ from the Cc list on next replies.
Jeff, do you read that list or should we keep Cc'ing you?
> My solution was to switch from "PGP MIME" to "PGP Inline" for the Privacy
> preference in the Mail Account settings.
Unfortunately PGP inline has its own share of issues (lack of
standardization, inter-operability problems, basically unusable when
mixing different char encodings, etc.) so I'd rather avoid make it
the default.
> I am wondering if this issue is mentioned anywhere in the Tails documents
> online. As I think this is a pretty big hole for those expecting to use
> Claws and PGP to safely encrypt content that cannot be viewed by a 3rd
> party.
Indeed, at the very least we should warn users about it. But let's
first try and find a nicer solution.
Is there a way to configure Claws Mail to use a different Queue
directory, e.g. a locally stored one instead of one that's
synchronized with the remote IMAP server? (As a beneficial
side-effect, this would also make sending email faster :)
> I appreciate your time,