bug-gnu-emacs

bug#25429: 24.5; mml-secure-message-encrypt-pgpmime warns about some Use


From: Lars Ingebrigtsen
Subject: bug#25429: 24.5; mml-secure-message-encrypt-pgpmime warns about some User IDs with unknown validity but not about others
Date: Mon, 23 Sep 2019 01:43:08 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> This is a security bug in Emacs' mml mode when composing encrypted
> mail.  The flaw allows an attacker to potentially trigger selection of
> the wrong key, and to evade a warning from gpg.
>
> Here's the situation:
>
> I'm composing a message in emacs in mml-mode (using notmuch, fwiw, though
> i don't think that matters here), and i want to send it encrypted.
>
> I use mml-secure-message-encrypt-pgpmime (via C-c RET c p) to encrypt
> the message.
>
> I have two friends, Alice and Bob, who have OpenPGP certificates that
> look like this:

[...]

> pub   rsa4096 2016-08-16 [SC]
>       F3CCEF926FE16622B7050F0804AEEB8BE699F289
> uid           [ unknown] Bob <bob@example.net>
> sub   rsa4096 2016-08-16 [E]

[...]

> When the mail is addressed only to bob@example.net, i get this warning
> when sending; if i answer "n" then the message doesn't go out:
>
>     Untrusted key 04AEEB8BE699F289 Bob <bob@example.net>. Use anyway? (y or n)

I'm trying to triage this bug, but I just tried this in Emacs 27 with a
key that's listed as [unknown], and I do not get this warning.  Is there
some additional setting necessary to get the warning?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




