GirlChat #724366
...conceptual problems. Without going into details (which anyone interested will find elsewhere), emails can be intercepted and manipulated in such a way that if you decrypt the mail in your email client, at least part of the decrypted mail will be sent to a third party server — unless you deactivate HTML mails (or at least the loading of images). If you decrypt your mails outside of your mail client, there should be no problem.
The fundamental conceptual problem is that S/MIME has no protection against manipulated messages, while OpenPGP's MDCs are insufficiently implemented. Some clients (such as Enigmail) have already released fixes. How good they are remains to be seen. The safest way is still to handle decryption of encrypted emails outside of your mail client. |