From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.org!.POSTED!not-for-mail
From: Lars Ingebrigtsen <larsi@gnus.org>
Newsgroups: gmane.emacs.devel
Subject: Re: Emacs/Mutt and  Efail or OpenPGP is safer than S/MIME?
Date: Wed, 16 May 2018 11:56:32 +0200
Message-ID: <m3sh6r9b5b.fsf@gnus.org>
References: <878t8lfgu3.fsf@mat.ucm.es> <m3bmdhz23p.fsf@gnus.org>
	<87y3gkafex.fsf@mat.ucm.es> <m3lgckbnf8.fsf@gnus.org>
	<87bmdgggct.fsf@mat.ucm.es> <m34lj89cao.fsf@gnus.org>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Trace: blaine.gmane.org 1526464550 28518 195.159.176.226 (16 May 2018 09:55:50 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Wed, 16 May 2018 09:55:50 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)
To: emacs-devel@gnu.org
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed May 16 11:55:46 2018
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane.org
Original-Received: from lists.gnu.org ([208.118.235.17])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fIt9s-0007Jx-HT
	for ged-emacs-devel@m.gmane.org; Wed, 16 May 2018 11:55:44 +0200
Original-Received: from localhost ([::1]:37903 helo=lists.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>)
	id 1fItBz-000142-Db
	for ged-emacs-devel@m.gmane.org; Wed, 16 May 2018 05:57:55 -0400
Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:34126)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1fItAy-00012J-Oh
	for emacs-devel@gnu.org; Wed, 16 May 2018 05:56:57 -0400
Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <larsi@gnus.org>) id 1fItAt-00047b-R1
	for emacs-devel@gnu.org; Wed, 16 May 2018 05:56:52 -0400
Original-Received: from hermes.netfonds.no ([80.91.224.195]:41781)
	by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16)
	(Exim 4.71) (envelope-from <larsi@gnus.org>) id 1fItAt-00045p-Jc
	for emacs-devel@gnu.org; Wed, 16 May 2018 05:56:47 -0400
Original-Received: from cm-84.212.221.165.getinternet.no ([84.212.221.165] helo=stories)
	by hermes.netfonds.no with esmtpsa
	(TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.84_2)
	(envelope-from <larsi@gnus.org>) id 1fItAf-0006W2-1n
	for emacs-devel@gnu.org; Wed, 16 May 2018 11:56:38 +0200
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAD1BMVEVmFjRMDyQIAQWDQjUa
	Bg5upm8oAAACVUlEQVQ4jW1UAZLjIAwzTR4Qgx/Q+HhAMvQBgfr/bzqJ9nbbmUtTmFaAZVlG2hqX
	WvSkoWn0lqKXM0qTZlcK39vPYxFXXE3OWI5Uyy9wRhS8ArCJfgLm5YiQeLZ2pE9gw/Co/wE0ls1c
	MoFVR9VcrWLuVhexXW4gJNndw3tg4FPO3OXmRcC34q9qzrn6E4u4WHcdPSY0MHZ7OoFq2v8BQSDs
	GWMX73pgR31/fHAHWbnq8Y7JB0gdT1UATOFWA4t9BsFcCYxdpef6s4fx92RVVneJcK4Pm4fVTWR0
	SQD6XK8RSryKyI1AyDx5osYdS2urilawAq1qrwiOFM6WmKAeDL1bRagd8F0Oys7sZ9IGXVF+/l7a
	DYyGJwJZA8Cz4ziyGqLmM7dclyWlRzA/sZ5EU11JKnss8EFQMXMASUXWN5DeQBkddDdpwgxCkWHs
	5Fy4I66lHbkO60eKa92pboGM4jBdWx2V6qYywO+ifVzs3toCJXecEzYyy1gU6a93ugQs4Vnsojpe
	DOqeFQBWQQ3Ez1OtAr6i+CabtlJ9CWkFNRCrGO1VvHcNo1Cw6Jr6iKhmGkb/7FY0w+0qqEcHJRZ3
	Om6UDTWPbUM3zBrSnlTEL4gw26CdtFNMD9Fwu1jgtYMWNZoTIdAKONy6PCIIKIHRuUAXQUFkBUCL
	s0Cg3s0vuqQD247hf35bLbO1HxfykJa/2nmqiwS3s+X+1bU46kG6xzG2rz5nDAAhp/flE7gaLwA4
	AzkbHaQ6e4MS4Mpob2WDmY368jsuI9Qb+mbvm7KPlKXacEuVv1wRtjpQ88iGAAAAAElFTkSuQmCC
In-Reply-To: <m34lj89cao.fsf@gnus.org> (Lars Ingebrigtsen's message of "Wed,
	16 May 2018 11:31:43 +0200")
X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic]
	[fuzzy]
X-Received-From: 80.91.224.195
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/emacs-devel/>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
	<mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org
Original-Sender: "Emacs-devel" <emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org>
Xref: news.gmane.org gmane.emacs.devel:225335
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/225335>

Lars Ingebrigtsen <larsi@gnus.org> writes:

> Uwe Brauer <oub@mat.ucm.es> writes:
>
>> The point is that sometimes I receive email containing mathematical
>> formula in png format, which are displayed. So I checked and I have
>>
>> ,----
>> | gnus-blocked-images is a variable defined in =E2=80=98gnus-art.el=E2=
=80=99.
>> | Its value is nil
>
> [...]
>
>> Do I understand that in this case I am vulnerable?
>
> Yes.

That is, if you load external resources, you've vulnerable to
information leakage, and people will track whether you've read their
emails and stuff.

You're not vulnerable to the first form of the S/MIME attack, because
Gnus isn't insane, but you are somewhat vulnerable to the second form
(the one that involves mangling the encrypted PGP payload itself).

--=20
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no