Menu
▾
▴
#288 overeager User ID matching
fixed
None
1.7.0
Major
30
1.4.18
All
1.7.2
nobody
2014-08-29
2014-07-23
No
Enigmail 1.7 is choosing the wrong key in some cases due to overeager
matching on the user ID. When matching for e-mail addresses, it needs
to make an exact match on the e-mail address, meaning that it is
either the entire User ID ("alice@example.com"), or that it is enclosed
in angle brackets ("alice alice@example.com").
At the moment, if i have Alice's key, but i'm writing to the people
responsible for solid water at Example Corp (e-mail address
"ice@example.com" -- they don't have a key of their own) then enigmail
in "convenient mode" will happily encrypt to Alice's key, i think
because it found the string "ice@example.com" in her User ID.
I actually ran into this because i wrote to a friend jane@example.org
(who has no key that i know of), and my keyring knows of a
sarahjane@example.org, and Jane received an undecryptable message from
me. :(
fixed in 1.8.0 (and cherry picked into enigmail-1-7-branch)
Last edit: Nicolai Josuttis 2014-07-26