-
-
Notifications
You must be signed in to change notification settings - Fork 303
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BCC leakage in encrypted mail #4234
Comments
Hmmm!
Seems good. The delivered message doesn't show the BCC.
Seems bad, but can be expected: we only encrypt once.
And seems good. The protected headers don't show the BCC. It's just the list of encryption recipients.
We could fix it in several ways:
The first one is what you suggest. At first glance, I agree, as I think it will be simpler to implement. |
thunderbird(1) is also vulnerable to this issue (but at least they show a warning). While composing such a message, it shows a warning:
And a button "Understood". The commit that added that warning to thunderbird(1) was:
The repository is <git@github.com:mozilla/releases-comm-central.git>. |
It seems we can. I'll need to learn more about how we encrypt, and how gpgme works, but here's what I saw, which sounds like we can:
The docs for gpgme_op_encrypt_ext() are here: Which documents a way to hide recipients: |
Great find! That sounds perfect! Here's an HTML version of the docs: https://www.gnupg.org/documentation/manuals/gpgme/Encrypting-a-Plaintext.html |
I'll prepare a patch next week. :) |
I've been looking at the code, and it needs some non-trivial work, compared to the other patch sets I have pending. I'll queue this after the other crypto patches. I may refactor some stuff before doing it. The thing is that we write the key list (a string) too early, and then we don't remember what is bcc and what's not. So I need to pass two keylists: one normal and one hidden. That'll need some refactor. |
@dd9jn reported that this approach would be problematic. He suggested sending separate mails to each BCC, which as a user, I agree it provides a beter UX. It will be painful to implement it, though. :-) Any opinions? |
Yeah, I mentioned the same idea in #4251 / For plain emails, it'd be a piece of cake. When signing/encryption is involved, it gets messy. It desperately needs breaking up, but I haven't investigated at all. Feeling brave, Alex? ;-) |
Yeah, I guess I should do it, as a punishment for making the bug shallow. :-) It'll take some time, possibly a year, though. It'll get to the end of my queue, after I learn more about neomutt(1)'s internals. |
I'll paste @flatcap 's original report (#4223 (comment)):
bcc leakage!
This isn't a bug in your changes, just a general feature of (Neo)Mutt.
Experimenting with both your PRs (#4221, #4227)...
I sent a signed/encrypted email to multiple recipients:
Compose
Note, I have:
set pgp_self_encrypt = yes
Email arrived (annotated with key owners)
NeoMutt effectively encrypts like
gpg --recipient
.In the example above, the recipients can infer that
Cate Blanchett
was also sent a copy of the email.Can we change the behaviour to mimic
gpg --hidden-recipient
for thebcc:
field?The text was updated successfully, but these errors were encountered: