Hello, Am Freitag 02 Februar 2018 18:48:08 schrieb Daniel Kahn Gillmor:
I recently learned that default handling of signed S/MIME mail with GnuPG causes an inherent metadata leak about the user's activity: https://dev.gnupg.org/T3348#110132
from briefly reading over the issue I think that "inherent metadata leak" is too broad a term to represent the security pros and cons well enough. Just sending an email or a webpage will also inherently leak meta data for someone listening on the line. So you'll certainly won't disable begin able to send those as well.
As a MUA developer, I'd like my MUA to simply handle as much crypto as it can on the user's behalf automatically, correctly and silently, without needing any special configuration or asking the user to make any tough tradeoffs that they might object to.
Users might also object to the higher exposure to revoked certificates and a more surprising behaviour deviating from the CMS standards (which as far as I know mandate checking the validity of certs). It comes down to post some trust into the implementations and the certificate authorities you chose to use. I think we'd do more for users if we educate them about some of the more basic properties. Best Regards, Bernhard -- www.intevation.de/~bernhard +49 541 33 508 3-3 Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998 Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Attachment:
signature.asc
Description: This is a digitally signed message part.