From: yossarian at planet.nl (yossarian)
Subject: Signed e-mail vs. turning off HTML mail under XP

> > Alas, the Continue button was just text, just as the tick box to not show me
> > this help screen again was not there. This means I'll have to re-enable HTML
> > mail, and wait for the next signed mail to arrive.....to turn it off. I
> > wonder what will happen to messages that have been tampered with when I have
> > turned off HTML mail? I will probably get a warning, but will not be able to
> > go beyond that, since it is in ASCII and that does not (AFAIK) support nice
> > buttons. So in order to enable signed mail, I will have to enable HTML in my
> > mail....

> Good evening Yossarian,
>
> I'm sorry, do I understand correctly when you say that the mechanism for
> verifying / managing signed e-mail seemed to be included within the
> e-mail itself -- in html, no less?  Although I'm unfamiliar with
> certificate-based digitally-signed e-mail (I'm a pgp/gpg kind of guy) I
> can't help but be very suspicious.
>
> Also, you mentioned that the machine will be used for business purposes
> and (directly?) connected to the internet.  Might I recommend against
> using OE for e-mail?  Mozilla Thunderbird is what I recommend for
> Microsoft folks.

The problem is that by turning off HTML for e-mail as a security measure,
you disable the correct use of digitally signed e-mail, which by design is a
security measure. I cannot verify this behaviour for Outlook since I have no
working system with said software....
I am not saying anything about the usefulness (or the opposite) of this
signing technology or its alternatives, since everything that needs to be
said about it is all over the Internet.

Like I said, it is a new machine. Since my business IS security, I use on
some systems what Joe Average uses. So I use MS boxes in daily routine
work - it keeps me very up to date on threats. Sort of Honeypot thingie but
since it is partly production, I have to solve every prob encountered....
Living dangerously on the web.

Top O' the morning - it is past midnight!

