https://bugs.kde.org/show_bug.cgi?id=404698

Daniel Vrátil <dvra...@kde.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dvra...@kde.org

--- Comment #3 from Daniel Vrátil <dvra...@kde.org> ---
In KMail this attack requires that the user enable the "Automatic decryption of
encrypted messages when viewing" option in KMail settings, which is disabled by
default.

Without this option enabled the user has to click on "Decrypt" on the part that
the attacker wants to leak. At this point, the user will still clearly see
which part of the content was encrypted and which part was not. When the user
wants to reply to this decrypted message, the content would indeed get leaked
to the attacker. However, I believe that at this point KMail has done enough to
prevent (by not enabling auto-decryption by default) and warn (by clearly
showing which part is encrypted and which not) the user so he or she could
judge for themselves the potential risks when replying to the message.
