On Thu, Apr 18, 2024 at 08:16:15PM -0400, Derek Martin wrote:
> The message interception scenario is possible, but I think highly
> improbable, especially for the sort of people who are using Mutt and
> encryption--savvy users.  It requires the attacker have superuser
> access to the mail system somewhere between you and your genuine
> recipients, AND either be known to your recipients, or your recipients
> must have no idea who should be on the message.  The attacker needs to
> be able to prevent the delivery of the original, to have time to
> inject the bogus message.  And your recipients need to already have
> the attacker's public key and trust it, or be set up to automatically
> download and use untrusted public keys...  

Also, FWIW, I've been using Mutt and encryption for almost 30 years,
and I haven't heard of a single case where the way Mutt handles
encrypted mail caused someone embarrassment or loss.  Not to say there
haven't been any, but... at least if there were, not high enough
profile to make it HERE.

And to be honest, it's been my experience that your recipients are
much more likely to leak the stuff you sent them encrypted, through
their own stupidity/carelessness than because of any flaw in Mutt.
And yes, that has happened to me.  Be very careful about relying on
encryption to save you.  You're probably almost always much better off
just not saying whatever you thought you should encrypt.

-- 
Derek D. Martin    http://www.pizzashack.org/   GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.  Replying to it will result in
undeliverable mail due to spam prevention.  Sorry for the inconvenience.
