[Users] [Bug 2661] Unencrypted e-mail gets saved on IMAP server
noreply at thewildbeast.co.uk
noreply at thewildbeast.co.uk
Sun Apr 26 22:15:05 CEST 2015
http://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=2661
--- Comment #19 from sajolida at pimienta.org ---
Hi,
I'm part of the people developing Tails (https://tails.boum.org/). I've look
for a development mailing on your website but couldn't find any, so I'm writing
here.
We discovered this bug in Claws Mail only recently and we are very concerned
about it.
Our users use Tails and Claws to work on very sensitive stuff and having drafts
and queued emails sent in plaintext to the remote server is a critical security
issue.
We're tracking this bug on our own bug tracker (duplication, yeah!):
https://labs.riseup.net/code/issues/8999
We tried to work around it to fix the issue in Tails but couldn't a way of
doing it. See https://labs.riseup.net/code/issues/8999#note-10.
So we are considering issusing a security advisory to all our users and
document a manual workaround. See
https://labs.riseup.net/code/issues/8999#note-14.
We were wondering how we should interact with you regarding this (and if this
is of interest to you of course):
Would you be interested in been given some time to patch the issue for good? We
think Claws should propose to store drafts and queued emails encrypted to the
user's public key when saving them on remote server, either by asking on first
time (better) or by having a configuration for that that we set by default in
Tails.
Otherwise, would you like to help us find a better work around Would you like
to see the draft of our security advisory?
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the Users
mailing list