[Cryptography] Critical PGP and S/MIME bugs can reveal encrypted emails— ?uninstall now?

Ray Dillinger bear at sonic.net
Mon May 14 15:12:58 EDT 2018



On 05/14/2018 10:55 AM, Erik wrote:
> I've been following this, and one thing I'm confused about is what it
> means by "automatic".
> 
> For instance, most people type in a password to decrypt an e-mail, and
> the rest of the e-mails are then decrypted when you click on them. Is
> this "Automatic"?
> 
> Do I really have to disable enigmail, or do I have to simply not decrypt
> any messages until more information is released?

Speculation currently is that there is some information leakage
to an HTTP server when an HTML webpage is rendered from a URL
given in an encrypted email.

This is speculation, not certainty.

				Bear



More information about the cryptography mailing list