From kde-pim Mon Oct 24 21:11:42 2011
From: Ingo Klöcker
Date: Mon, 24 Oct 2011 21:11:42 +0000
To: kde-pim
Subject: Re: [Kde-pim] Need help with the undefined reference hack
Message-Id: <201110242311.43321 () thufir ! ingo-kloecker ! de>
X-MARC-Message: https://marc.info/?l=kde-pim&m=131949075815082

On Thursday 20 October 2011, Milian Wolff wrote:
> On Wednesday 19 October 2011 21:48:17 Ingo Klöcker wrote:
> > On Wednesday 19 October 2011, Milian Wolff wrote:
> > > Christian Mollekopf, 19.10.2011:
> > > > On Wednesday, October 19, 2011 1:13 PM, "Andras Mantia" wrote:
> > > > > Christian Mollekopf wrote:
> > > > > > In the long run only if there is a way to get hold of the
> > > > > > encrypted/unencrypted content without the MessageViewer.
> > > > > > (Frankly I'm not a big fan of using the MessageViewer for
> > > > > > the feeder, but it seems to be the only way).
> > > > >
> > > > > Yes, using the messageviewer for this is not a good solution.
> > > > > Sincerely I'd just ignore indexing of encrypted mails for now
> > > > > and move the feeder to kdepim-runtime.
> > > >
> > > > I'd prefer that solution too. Objections anyone?
> > > >
> > > > > There is anyway a need to explicitly enable that indexing
> > > > > (as normally the user doesn't want to have (part of) their
> > > > > encrypted content unencrypted in a database), and most users
> > > > > probably don't have that many encrypted mails anyway.
> > > > >
> > > > > Then we can find a solution later for encryption.
> > >
> > > what what? if encrypted stuff gets indexed in plain text
> > > somewhere I'd see that as a severe security breach. So yes,
> > > please do disable this - I wasn't even aware that this is done
> > > so far!
> >
> > It has already been said that it's off by default and I agree that
> > it must not be enabled without explicit consent of the user.
> > Nevertheless I want to point out that it depends on your threat
> > model whether indexing encrypted messages is a problem.
> >
> > If you use mail encryption for protecting the content of messages
> > during transit and when stored on an IMAP server then indexing of
> > encrypted messages (where the index is stored on your local
> > harddisk) is no problem at all.
> >
> > If your threat model includes physical or remote access to your
> > local filesystem/harddisk then not using indexing will not protect
> > you because the attacker will simply own your box, steal your
> > OpenPGP key and install a keylogger or a special version of gpg in
> > order to steal your passphrase.
> >
> > So, before you talk about a severe security breach please explain
> > your threat model.
>
> I agree that I didn't think too much about it.
>
> But personally, I still have to insert a password to read encrypted
> mails - even though I use gpg agent... So just having the private
> key does not seem to be enough?!

It's not enough, but somebody who can steal your private key might also
be able to steal your passphrase (e.g. by installing a trojan pinentry
application).

> Also: isn't the nepomuk database backed up by default and hence such
> backups would contain the plaintext passwords? Which a user would
> then probably move to some other backup place, like an unprotected
> usb/harddisk or so..

I don't follow you. What has nepomuk to do with passwords? Are you
talking about passwords stored in encrypted messages?

> Furthermore, wouldn't the same reasoning of yours ("plaintext is OK
> as it's in local files only") also apply to all kinds of
> configuration files? KWallet e.g. also uses a password by default.
> So imo it's good practice to never leave stuff in plaintext around,
> "just because it's local".

Well, yes and no. I encrypt all of my data using harddisk encryption.
This protects my data from people stealing my hardware. It does not
protect my data from people breaking into my box, but if my box is
rooted then all hope is lost anyway which is why I do not put more
effort into additional protection.

Given that almost none of the messages I receive are encrypted I'd
probably keep encrypted messages from being indexed. I'm not sure what
I'd do if a significant amount was encrypted.

> And ps: of course this discussion is more or less moot if this
> feature is already a) disabled and b) only enabled by explicit user
> choice in the future.

I fully agree.

Regards,
Ingo

_______________________________________________
KDE PIM mailing list kde-pim@kde.org
https://mail.kde.org/mailman/listinfo/kde-pim
KDE PIM home page at http://pim.kde.org/