Sorry for this possible double posting. I am usually using gmane, but I don't see my mail appearing so I resend it to the list, to which I subscribed now.
> On Tue, 15 May 2018 03:31, je...@seibercom.net said: > My conclusion is that S/MIME is vulnerable in most clients with the > exception of The Bat!, Kmail, Claws, Mutt and Horde IMP. I take the > requirement for a user consent as non-vulnerable. Most of the > non-vulnerable clients use GnuPG as their engine. Well what's about GNU emacs(+gnus/vm/rmail)? I asked in the emacs dev list and the default is to block external HTML images. This client(s) is not mentioned, I presume the authors consider it as being too *hackerish*, but it would be worthwhile to find out that with the blocking I mentioned, GNU emacs is in fact not vulnerable. > For OpenPGP I see lots of no and only a few vulnerable clients: Support > for Outlook 2007 has long been dropped and Gpg4win/GpgOL gives a big > warning when you try to use it with OL2007. All other Outlook versions > are not vulnerable. The case for Thunderbird/Enigmail is not that clear > because the researcher confirmed that Enigmail 2.0 is in general not > vulnerable; we don't know which version of Enigmail was tested. I don't > know Postbox, Apple mailers or Horde IMP. I presume the same is true for gnupg+ GNU emacs(+gnus/vm/rmail). BTW: RMS asked on the emacs devel list whether, and I quote, ,---- | If you allow a mail user agent to render HTML for you, you expose | yourself to various kinds of surveillance and swindles. Now, it seems, | one of those might be a decryption exploit. | | Does the exploit depend on Javascript code that the MUI will execute? `---- Any comments? Thanks Uwe Brauer
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users