Open Bug 1660191 Opened 5 years ago Updated 5 years ago

Protect OpenPGP draft message flags against a malicious mail server admin

Categories

(MailNews Core :: Security: OpenPGP, defect)

Tracking

(Not tracked)

People

(Reporter: KaiE, Unassigned)

Enigmail 2.1.7 uses a plain text header to remember the email encryption/signing flags of a saved draft. For the initial implementation in bug 1650551 we are considering using the same mechanism.

With this mechanism, draft messages will always be saved encrypted, regardless of the encryption/signing flags the user has chosen.

If the user has already enabled encryption for a message, and the admin removes the flag, and the user continues to edit a saved draft, then an inattentive user might not notice that the encryption flag is no longer set.

The suggestion is to protect the saved encryption message settings against manipulation.

Depends on: 1650551

Magnus correctly noted another attack vector. The mail admin could modify the sender identity, causing us to use a sender identity which doesn't support encryption.

The improved storage of draft flags should also protect the sender identity information.
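
One way the protection suggested in this bug could work, shown as an added example that is not Thunderbird or Enigmail code: the client authenticates the draft flags together with the sender identity using an HMAC keyed by a secret that stays in the local profile. The header names, function names and the fail-closed policy are assumptions made for illustration.

```javascript
// Added example. Hypothetical names: X-Draft-Flags, X-Draft-Flags-MAC,
// sealDraft, loadDraft (not Thunderbird or Enigmail identifiers).
const crypto = require("node:crypto");

// Assumption: a secret kept only in the local profile, never sent to the server.
const localKey = crypto.randomBytes(32);

// The MAC covers the flags AND the sender identity, so neither can be edited alone.
function mac(key, headers) {
  const covered = JSON.stringify([headers["From"], headers["X-Draft-Flags"]]);
  return crypto.createHmac("sha256", key).update(covered).digest("hex");
}

// Saving a draft: record the user's choices and bind them to the identity.
function sealDraft(key, from, flags) {
  const headers = {
    From: from,
    "X-Draft-Flags": `encrypt=${Boolean(flags.encrypt)};sign=${Boolean(flags.sign)}`,
  };
  headers["X-Draft-Flags-MAC"] = mac(key, headers);
  return { headers };
}

// Reopening a draft: the stored flags are used only if the MAC verifies.
function loadDraft(key, draft) {
  const stored = Buffer.from(String(draft.headers["X-Draft-Flags-MAC"] || ""), "hex");
  const expected = Buffer.from(mac(key, draft.headers), "hex");
  if (stored.length !== expected.length || !crypto.timingSafeEqual(stored, expected)) {
    // Assumed policy: fail closed and let the caller warn the user.
    return { trusted: false, encrypt: true, sign: true };
  }
  const m = /^encrypt=(true|false);sign=(true|false)$/.exec(draft.headers["X-Draft-Flags"]);
  return { trusted: true, encrypt: m[1] === "true", sign: m[2] === "true" };
}

// Constructed sample drafts: as saved, flags rewritten, flag headers removed, sender swapped.
function demo() {
  const saved = sealDraft(localKey, "alice@example.org", { encrypt: true, sign: false });
  const h = saved.headers;
  const rewritten = { headers: { ...h, "X-Draft-Flags": "encrypt=false;sign=false" } };
  const removed = { headers: { From: h.From } };
  const swapped = { headers: { ...h, From: "alice-other@example.org" } };
  return [saved, rewritten, removed, swapped].map((d) => loadDraft(localKey, d));
}
```

A MAC of this kind does not stop the server from substituting an older genuine draft of the same message, so a real design would also need to bind the flags to the draft's content or a per-save counter.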
