Bugtraq mailing list archives
Re: crypto flaw in secure mail standards
From: Richard Atterer <atterer () informatik tu-muenchen de>
Date: Thu, 28 Jun 2001 13:46:39 +0200
There is another issue with the OpenPGP standard which should have been addressed a long time ago: The "Subject:" line is not encrypted for encrypted mail.

Even *if* you know about this, it is inconvenient: You always try to find a subject which is still meaningful to the addressee, but not to anyone else. However, if a user does not know about this, it is a dangerous gap in PGP's security: In many cases, one can deduce the content of the encrypted mail from the subject header.

PGP and MUAs with PGP support should either make it very clear that the subject is not encrypted, or (ideally) a facility for encrypted message headers should be added to OpenPGP.

Richard

--
  __   _
  |_) /|  Richard Atterer
  | \/¯|  http://atterer.net
  ¯ ´` ¯
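The check the message asks mail clients to make can be sketched as follows. This is an added example, not code from the original post or from any PGP implementation; the function names, the watched header list and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string

# Headers that stay readable in transit even when the body is OpenPGP-encrypted.
WATCHED = ("Subject", "From", "To", "Cc", "Date")
ARMOR = "-----BEGIN PGP MESSAGE-----"

def is_pgp_encrypted(msg):
    """Detect PGP/MIME (RFC 3156) or an inline ASCII-armored OpenPGP body."""
    if (msg.get_content_type() == "multipart/encrypted"
            and str(msg.get_param("protocol", "")).lower() == "application/pgp-encrypted"):
        return True
    for part in msg.walk():
        body = part.get_payload()
        if part.get_content_maintype() == "text" and isinstance(body, str) and ARMOR in body:
            return True
    return False

def cleartext_headers(msg):
    """Headers of an encrypted message that the encryption does not cover."""
    if not is_pgp_encrypted(msg):
        return {}
    return {h: str(msg[h]) for h in WATCHED if msg[h] and str(msg[h]).strip()}

def subject_warning(msg):
    """Text a mail client could show before sending, or None if nothing leaks."""
    subject = cleartext_headers(msg).get("Subject")
    if subject:
        return f"Subject is NOT encrypted and will be sent in the clear: {subject!r}"
    return None

# Constructed sample messages (placeholder bodies, not real ciphertext).
PGP_MIME = message_from_string(
    "From: alice@example.org\nTo: bob@example.org\n"
    "Subject: Termination letter for J. Doe\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n" + ARMOR + "\n\n(placeholder)\n"
    "-----END PGP MESSAGE-----\n--b1--\n")
INLINE = message_from_string(
    "From: alice@example.org\nTo: bob@example.org\nSubject: \n\n"
    + ARMOR + "\n\n(placeholder)\n-----END PGP MESSAGE-----\n")
PLAIN = message_from_string("From: alice@example.org\nSubject: Lunch?\n\nSee you at noon.\n")

if __name__ == "__main__":
    for m in (PGP_MIME, INLINE, PLAIN):
        print(is_pgp_encrypted(m), subject_warning(m))
```

Even with an empty subject, the sender and recipient headers of the inline sample remain visible, since they sit outside the encrypted body in the same way.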
Current thread:
- crypto flaw in secure mail standards Don Davis (Jun 22)
- Re: crypto flaw in secure mail standards Gregory Steuck (Jun 22)
- Re: crypto flaw in secure mail standards David Howe (Jun 22)
- Re: crypto flaw in secure mail standards Florian Weimer (Jun 24)
- <Possible follow-ups>
- crypto flaw in secure mail standards Don Davis (Jun 24)
- Re: crypto flaw in secure mail standards David Howe (Jun 24)
- Re: crypto flaw in secure mail standards Jim Halfpenny (Jun 25)
- Re: crypto flaw in secure mail standards Riad S. Wahby (Jun 24)
- Re: crypto flaw in secure mail standards Tollef Fog Heen (Jun 27)
- Re: crypto flaw in secure mail standards Richard Atterer (Jun 28)
- Re: crypto flaw in secure mail standards Robert Bihlmeyer (Jun 29)