[Cryptography] Critical PGP and S/MIME bugs can reveal encrypted emails— ?uninstall now?
Ray Dillinger
bear at sonic.net
Mon May 14 15:12:58 EDT 2018
On 05/14/2018 10:55 AM, Erik wrote:
> I've been following this, and one thing I'm confused about is what it
> means by "automatic".
>
> For instance, most people type in a password to decrypt an e-mail, and
> the rest of the e-mails are then decrypted when you click on them. Is
> this "Automatic"?
>
> Do I really have to disable enigmail, or do I have to simply not decrypt
> any messages until more information is released?
Speculation currently is that there is some information leakage
to an HTTP server when an HTML webpage is rendered from a URL
given in an encrypted email.
This is speculation, not certainty.
Bear
More information about the cryptography
mailing list