Re: [Tails-dev] [review][website] #9356 warn about char enco…

Delete this message

Reply to this message
Author: sajolida
Date:  
To: The Tails public development discussion list
Subject: Re: [Tails-dev] [review][website] #9356 warn about char encoding on OpenPGP
intrigeri:
> sajolida wrote (09 Jun 2015 14:57:28 GMT) :
>> Ok, so your hypothesis is that there shouldn't be problems if exchanging
>> emails between two operating system or applications that default to
>> UTF-8. Did I understand correctly?
>
> That's right, this was my hypothesis. But dkg later explained that it
> still might cause security problems, even if in the ideal
> (non-adversarial) case, the text renders just fine.
>
>> If we think this issue is "dangerous" or that PGP/inline should
>> disappear from the cyberspace, then we might be better off stopping
>> recommending Tails OpenPGP APllet as an option in the first place.
>
> It is apparently a bit dangerous, but for many people it's the only
> workable option so far, so I'm not in favour of removing it. I mean,
> we allow sending passwords over plaintext HTTP connections, even if
> that's dangerous.


I'm fine with keep it. Note that the difference here is that we don't
provide specific tools or have documentation pages about sending your
passwords over HTTP in plaintext :)

--
sajolida