On 11/12/16 02:48, Carola Grunwald wrote:
> Nevertheless the user has to get knowledge of such an attack, which is
> why a header entry reporting the decoding status is added to the message
> forwarded to the client:
> 
> | O-Nym-Crypto: slot=19; sym=3; asym=1; esub=i; 
> account=myacco...@nym.mixmin.net
> | O-Nym-Sig: Good signature (SHA1:[562619C278247C3B] Bananasplit Pseudonym 
> Server (Bananasplit Pseudonymous Email Server) <con...@nym.mixmin.net>; Sat, 
> 10 Dec 2016 02:25:44 +0000)

And is the message still delivered decrypted to the client? Because in
that case, it seems that the only thing preventing a user from
disastrously exposing the relation between two nym accounts is them
noticing the mismatch in this little header in the mail. That seems like
a really riskful user interface. Hopefully the message text is merely
saying "Message encrypted to wrong key", right?

Cheers,

Peter.

-- 
I use the GNU Privacy Guard (GnuPG) in combination with Enigmail.
You can send me encrypted mail if you want some privacy.
My key is available at <http://digitalbrains.com/2012/openpgp-key-peter>

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users

Reply via email to