Web lists-archives.com

Re: Thunderbird + Enigmail + saving draft with encryption




On Fri, 2019-02-01 at 18:26 +0000, Paul Sutton wrote:
> Hi
> 
> Thunderbird + Enigmail has an option in "account settings" OpenPGP
> Security to save a draft of a message with encryption, as expected
> this
> saves the draft but with a new subject as "Encrypted message" and it
> appears in drafts as this.
> 
> If you save the message,  close the compose window,  then go to
> Drafts, 
> then reopen the message for more editing before sending the subject
> remains as "Encrypted message" and you lose the original subject
> header.
> 
> I just wondered if this is what is meant to happen ? or is the
> original
> subject header supposed to be restored.  Has anyone else noticed this.

I noticed this a few weeks or a month ago and took it to be a somewhat
inelegant, maybe incompletely implemented, feature intended to improve
metadata security. I believe "Encrypted message" also becomes the
subject of the transmitted message. 

Exposure of the  metadata showing who is in contact with whom, and when,
is pretty much inescapable, but the subject line, which is not
encrypted, also can  provide useful information to an eavesdropper, even
if she cannot decrypt the message body. This is noted in some PGP or GPG
documentation I have seen, accompanied by recommendations to obscure the
Subject: line and put the true subject within the body.

Tom Dial
> 
> System information
> 
> Thunderbird 60.4.0 (64-bit)
> 
> Enigmail 2.0.9
> 
> Distributor ID:    Debian
> Description:    Debian GNU/Linux 9.7 (stretch)
> Release:    9.7
> Codename:    stretch
> psutton@zleap:~$
> 
> Linux zleap 4.9.0-8-amd64 #1 SMP Debian 4.9.130-2 (2018-10-27) x86_64
> GNU/Linux
> 
> 
> Paul Sutton
> 
> 
> 
>