On 14/05/18 12:25, Robert J. Hansen wrote: > The problem is that gpg doesn't say anything. I would expect a > DECRYPTION_FAILED message here:
So perhaps the solution is to throw a big warning and prompt when an integrity check failure is thrown by gnupg? That would mitigate the current issue, but allow for reading pre-MDC emails as per Werner's earlier link. The problem here is that an integrity failure is a serious error when it occurs in a context where oracle behaviour is possible (such as email), but it's much less serious when used outside that context. Just because gnupg says it's only a warning-level offence doesn't mean enigmail should agree... -- Andrew Gallagher
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
