Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
On 10/16/2016 06:36 PM, ban...@openmailbox.org wrote: > On 10/16/2016 7:11:03 PM, mirimir at riseup.net wrote: >> In Thunderbird+Enigmail, do three things: >> >> 1) create a local folder "Drafts", and configure Thunderbird to use it; >> > > Yes good tip. Also Torbirdy configures this. OK, cool. >> 2) in "Thunderbird/Account Settings/OpenPGP Security", check "Encrypt >> draft messages on saving"; and >> >> 3) in "Enigmail Preferences/Sending/Confirm before sending", check >> "Always". > > Enigmail seems to do this by default. Do you use convenient or manual > encryption settings? I use manual settings. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Quote Line Prefixes in Linux Text Editors
On 10/16/2016 7:11:03 PM, mirimir at riseup.net wrote: In Thunderbird+Enigmail, do three things: 1) create a local folder "Drafts", and configure Thunderbird to use it; Yes good tip. Also Torbirdy configures this. 2) in "Thunderbird/Account Settings/OpenPGP Security", check "Encrypt draft messages on saving"; and 3) in "Enigmail Preferences/Sending/Confirm before sending", check "Always". Enigmail seems to do this by default. Do you use convenient or manual encryption settings? -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
On 10/15/2016 08:31 PM, ban...@openmailbox.org wrote: > For security its recommended to compose messages outside the e-mail > client. There were at least two incidents where plaintext was leaked > (claws mail saving drafts unencrypted and Enigmail sending unencrypted > messages). In Thunderbird+Enigmail, do three things: 1) create a local folder "Drafts", and configure Thunderbird to use it; 2) in "Thunderbird/Account Settings/OpenPGP Security", check "Encrypt draft messages on saving"; and 3) in "Enigmail Preferences/Sending/Confirm before sending", check "Always". > Does anyone know how to add quoted line prefixes [1] to messages > composed in a Linux text editor? > > [1] https://en.wikipedia.org/wiki/Posting_style#Quoted_line_prefix -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
> For security its recommended to compose messages outside the e-mail > client. Composing email outside the client is only possible if you use PGP/inline, which is also weak (no clear protection boundary & message tampering). https://dkg.fifthhorseman.net/notes/inline-pgp-harmful/ And you can’t attach file on this mail format, or you leak file names and sizes if you encrypt your attachments outside the client too. No way to send HTML mail too (even if it’s very bad :P). So I don’t know what is the more secured between PGP/inline outside the client or PGP/MIME inside… For plain text and very simple email, surely the first, but in most cases, undecidable and for common emails (with attachments and multipart text/html) certainly the second… Regards, -- Aeris Individual crypto-terrorist group self-radicalized on the digital Internet https://imirhil.fr/ Protect your privacy, encrypt your communications GPG : EFB74277 ECE4E222 OTR : 5769616D 2D3DAC72 https://café-vie-privée.fr/ signature.asc Description: This is a digitally signed message part. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Quote Line Prefixes in Linux Text Editors
Enigmail https://security-tracker.debian.org/tracker/CVE-2014-5369 -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
On Sun, Oct 16, 2016 at 10:08 AM, Jimwrote: > ban...@openmailbox.org wrote: > >> For security its recommended to compose messages outside the e-mail >> client. There were at least two incidents where plaintext was leaked (claws >> mail saving drafts unencrypted and Enigmail sending unencrypted messages). >> > > Would you post links about these incidents? (My google-fu may be a > little weak, assuming these are recent incidents.) > > I may be remembering the wrong incident, but I thought the Engimail issue was (arguably) a little less serious than that - it was sending certain headers unencrypted, so whilst the content was still encrypted there was additional metadata available for analysis. Not great for sure, but a little lower on the scale than described (and if that bug were still present, composing in a text editor still wouldn't help). Might be some other bug though? The claws thing was bug 2965 - http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2965 - when sending a mail, the unencrypted version was written to the Queue folder (and written to the server via IMAP) before being encrypted and sent. I recall seeing something similar and less MUA specific as well, again relating to the fact that drafts were being saved to the server, can't remember where I saw that but here's an OS X specific one - http://arstechnica.com/security/2014/01/secops-failure-gpggmail-on-osx-mavericks-may-store-unencrypted-drafts/ > -- Ben Tasker https://www.bentasker.co.uk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
ban...@openmailbox.org wrote: For security its recommended to compose messages outside the e-mail client. There were at least two incidents where plaintext was leaked (claws mail saving drafts unencrypted and Enigmail sending unencrypted messages). Would you post links about these incidents? (My google-fu may be a little weak, assuming these are recent incidents.) Thanks Jim -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
Re: [tor-talk] Quote Line Prefixes in Linux Text Editors
It might be a bit more complicated than that, as that approach won't wrap properly and may generate the Outlook Express-like situation where quoted lines wrap before 80 characters, resulting in alternating lines being quoted and having a single unquoted word. Unfortunately wrapping while maintaining quoting is really more of a science itself, and you probably won't get format=flowed right when doing it outside your client anyway, so it's always going to look a little janky. On the other hand, maybe that's better than risking unencrypted text leaking, it depends on your situation :) On Sat, Oct 15, 2016, at 20:30, ban...@openmailbox.org wrote: > Found answer for my own question: > > sed 's/^/> /' original > reply > -- > tor-talk mailing list - tor-talk@lists.torproject.org > To unsubscribe or change other settings go to > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Quote Line Prefixes in Linux Text Editors
Found answer for my own question: sed 's/^/> /' original > reply -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
[tor-talk] Quote Line Prefixes in Linux Text Editors
For security its recommended to compose messages outside the e-mail client. There were at least two incidents where plaintext was leaked (claws mail saving drafts unencrypted and Enigmail sending unencrypted messages). Does anyone know how to add quoted line prefixes [1] to messages composed in a Linux text editor? [1] https://en.wikipedia.org/wiki/Posting_style#Quoted_line_prefix -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk