[Kde-pim] Need help with the undefined reference hack
Ingo Klöcker
kloecker at kde.org
Wed Oct 19 20:48:17 BST 2011
On Wednesday 19 October 2011, Milian Wolff wrote:
> Christian Mollekopf, 19.10.2011:
> > On Wednesday, October 19, 2011 1:13 PM, "Andras Mantia"
> >
> > <amantia at kde.org> wrote:
> > > Christian Mollekopf wrote:
> > > > In the long run only if there is a way to get hold of the
> > > > encrypted/unencrypted content without the MessageViewer.
> > > > (Frankly I'm not a big fan of using the MessageViewer for the
> > > > feeder, but it seems to be the only way).
> > >
> > > Yes, using the messageviewer for this is not a good solution.
> > > Sincerely I'd just ignore indexing of encrypted mails for now and
> > > move the
> > > feeder to kdepim-runtime.
> >
> > I'd prefer that solution too. Objections anyone?
> >
> > > There is anyway a need for explicitly enable that indexing (as
> > > normally the
> > > user doesn't want to have (part of) its encrypted content
> > > unencrypted in a
> > > database), and most users probably don't have that many encrypted
> > > mails anyway.
> > >
> > > Then we can find a solution later for encryption.
>
> what what? if encrypted stuff gets indexed in plain text somewhere
> I'd see that as a severe security breach. So yes, please do disable
> this - I wasn't even aware that this is done so far!
It has already been said that it's off by default and I agree that it
must not be enabled without explicit consent of the user. Nevertheless I
want to point out that it depends on your threat model whether indexing
encrypted messages is a problem.
If you use mail encryption for protecting the content of messages during
transit and when stored on an IMAP server then indexing of encrypted
messages (where the index is stored on your local harddisk) is no
problem at all.
If your threat model includes physical or remote access to your local
filesystem/harddisk then not using indexing will not protect you because
the attacker will simply own your box, steal your OpenPGP key and
install a keylogger or a special version of gpg in order to steal your
passphrase.
So, before you talk about a severe security breach please explain your
threat model.
Regards,
Ingo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://mail.kde.org/pipermail/kde-pim/attachments/20111019/ed2d90fa/attachment.sig>
-------------- next part --------------
_______________________________________________
KDE PIM mailing list kde-pim at kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/
More information about the kde-pim
mailing list