-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 14.09.13 14:15, Max Maass wrote: > On 09/14/2013 01:56 PM, Lars Noodén wrote: >> Hi, > >> I notice that if a message draft is started encrypted and then >> postponed, it becomes unencrypted when the message is continued. >> The box becomes unchecked in the Encrypt Message checkbox under >> the OpenPGP menu. Then, unless encryption is re-specified right >> away, the draft seems to get saved unencrypted in the drafts >> folder. This save is automatic after a few minutes, so there is >> only a short window to manually restore the missing encryption. >> That exposes the contents of the message if no action is taken. > >> This happens every time a message is started, postponed and then >> resumed. > >> The steps to reproduce it are as follows: > >> 1. start a message with encryption 2. save it and then >> postpone it, closing the message 3. find the unfinished message >> in the appropriate drafts folder and resume editing 4. either >> wait for the message to be saved (unencrypted) or repeat steps 2 >> and 3. > >> The message will go from being encrypted to being unencrypted >> every time. > > I can confirm this behaviour on Linux x64 with latest (non-beta) > Enigmail and Thunderbird 17.0.8 (latest from ubuntu repositories). > Never noticed it before, but this is a big information leak.
Is my understanding correct that you only get this behavior if the draft message is _not_ shown before you continue editing it, e.g. if the preview pane is off? - -Patrick -----BEGIN PGP SIGNATURE----- Version: GnuPG/MacGPG2 v2.0.20 (Darwin) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEVAwUBUjXGrMk25cDiHiw+AQj5yQf/UYHpr0DSKbWRfzzU6hP3uKj2T+Mwe3jj 7pBzTpQ8jokln9Y2iI8G6Ajt48on9MQYzYkBvBPLAW5qxzSOf5oCD8OLjop9uL0q kOE0JtaIBCtUrUN8xGp+9B2HhibdaoAdgnLj+ZUc4gHwjcDQ84b2p07T0iFbyf67 LmuLJyR5PizW0vZrSB6zIGkLl73yXZaUCCln/IM4S8LfKMXOLYzFoffZwE7QTVsz 109Nvn1D/ZWFOvWYUV4gT/axHCG9OPIVE+qMmdKVMMf/h8L4yoCLez+6h5t6Qpzf lIVTfeOQXEWvUysep9dJuLSL4NTRqQd4ewHSaXBifj5o2Lm2K/A7YQ== =UUCK -----END PGP SIGNATURE----- _______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
