Menu

#1047 warn when using non-MDC-keys for encryption

wont-fix
nobody
None
2.1.5
Minor
68.4.1
2.2.5
All
---
nobody
2020-01-25
2020-01-21
kolAflash
No

Enigmail should warn, if a message will be encrypted with a non-MDC public key.
(MDC = Modification Detection Code)

You might just get a public key from someone - or have a public key already in your key store - which doesn't support MDC.
Currently you won't recognize this, and Enigmail will encrypt messages with this key without MDC.
As a result, no one (with a recent Enigmail) will be able to read the mail. Not the sender, and also not other CC receipients.

Proposal: Enigmail should warn or simply deny to encrypt messages with a non-MDC public key.

See also:
https://sourceforge.net/p/enigmail/forum/support/thread/03ebee57/

Related

Bugs: #1047

Discussion

  • Patrick Brunschwig

    Patrick Brunschwig - 2020-01-21

    Am 21. Januar 2020 14:01:36 MEZ schrieb kolAflash kolaflash@users.sourceforge.net:

    ** [bugs:#1047] warn when using non-MDC-keys for encryption**

    Status: open
    Created: Tue Jan 21, 2020 01:01 PM UTC by kolAflash
    Last Updated: Tue Jan 21, 2020 01:01 PM UTC
    Owner: nobody

    Enigmail should warn, if a message will be encrypted with a non-MDC public key.
    (MDC = Modification Detection Code)

    You might just get a public key from someone - or have a public key already in your key store - which doesn't support MDC.
    Currently you won't recognize this, and Enigmail will encrypt messages with this key without MDC.
    As a result, no one (with a recent Enigmail) will be able to read the mail. Not the sender, and also not other CC receipients.

    Proposal: Enigmail should warn or simply deny to encrypt messages with a non-MDC public key.

    See also:
    https://sourceforge.net/p/enigmail/forum/support/thread/03ebee57/

    Sent from sourceforge.net because patrick@enigmail.net is subscribed to https://sourceforge.net/p/enigmail/bugs/

    To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/enigmail/admin/bugs/options. Or, if this is a mailing list, you can unsubscribe from the mailing list.
    Actually, if you use a recent version of Gnupg (one released after Efail), the Gnupg will always create MDC. As Enigmail offers upgrades to Gnupg, I really don't see why this is still required.

     

    Related

    Bugs: #1047

    alternate

    • kolAflash

      kolAflash - 2020-01-25

      Excuse me, but you just related to bug to itself!?
      1047 -> 1047

       

  • Patrick Brunschwig

    Patrick Brunschwig - 2020-01-25

    No, I only replied using K-9 (which quotes the original message). This make Sourceforge relate the bug to itself.

     

  • Patrick Brunschwig

    Patrick Brunschwig - 2020-01-25
    • status: open --> wont-fix
     

  • Patrick Brunschwig

    Patrick Brunschwig - 2020-01-25

    Since GnuPG 2.2.8 (released in June 2018), gpg will always apply force-mdc and ignores the preferences set on the key. Therefore I won't implement a complex feature to determine the preferences of keys and warn users to fix them.

     

Log in to post a comment.

MongoDB Logo MongoDB