The crypto does what it should do: it prevents an attacker from reading your mail. It was never claimed to prevent them from changing, nor does it prevent you from obeying his order saying "send the decrypted content to $here". This absolutely is about HTML in Mail
-
-
-
It does what it claims, it doesn’t do what it should. Which makes it just not good crypto.
End of conversation
New conversation -
-
-
Der Rückkanal ist aber dennoch HTML, nicht?
-
Nein, siehe 6. im Paper
-
On the other hand, for three clients we were able to bypass remote content blocking simply by encrypting the HTML email containing a simple <img src="..."> tag
-
Also entweder liest du jetzt das ganze Kapitel (das geht bis 6.5) oder lässt es halt bleiben
-
Hab ich nun. Aber in den spannendsten Teilen des Papers ist es bemerkenswert unspezifisch.
-
Gmail und S/MIME z. B.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.