From kmail-devel Tue May 30 14:33:03 2000
From: owner () bugs ! kde ! org (Stephan Kulow)
Date: Tue, 30 May 2000 14:33:03 +0000
To: kmail-devel
Subject: Bug#4148: marked as done ("Privacy bug": mail may be sent unencrypted w/o notice)
X-MARC-Message: https://marc.info/?l=kmail-devel&m=95969727205277

Your message dated Wed, 31 May 2000 00:30:26 +1000 with message-id <00053100302601.27366@localhost.localdomain> and subject line
Bug#4148: "Privacy bug": mail may be sent unencrypted w/o notice
has caused the attached bug report to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I'm talking about this indicates a serious mail system misconfiguration somewhere. Please contact me immediately.)

Stephan Kulow
(administrator, KDE bugs database)

Received: (at submit) by bugs.kde.org; 28 May 2000 07:43:23 +0000
From starosti@zedat.fu-berlin.de Sun May 28 09:43:23 2000
Received: from mail.zedat.fu-berlin.de ([130.133.1.48]:36872 "EHLO Mail.ZEDAT.FU-Berlin.DE") by master.kde.org with ESMTP id ; Sun, 28 May 2000 09:43:05 +0200
Received: by Mail.ZEDAT.FU-Berlin.DE (Smail3.2.0.98) from tux.under.world (130.133.202.201) with esmtp id ; Sun, 28 May 2000 09:43:04 +0200 (MEST)
Received: (from malte@localhost) by tux.under.world (8.10.0/8.10.0) id e4S7hBI02436; Sun, 28 May 2000 09:43:11 +0200
Date: Sun, 28 May 2000 09:43:11 +0200
Message-Id: <200005280743.e4S7hBI02436@tux.under.world>
From: Malte Starostik
To: submit@bugs.kde.org
Subject: "Privacy bug": mail may be sent unencrypted w/o notice
Return-Path:
X-Orcpt: rfc822;submit@bugs.kde.org

Package: kmail
Version: 1.1.48 (KDE 1.90 Beta >= 20000517)
Severity: grave

PGP, at least v. 6.5.1i, asks for confirmation when you're about to encrypt with an untrusted public key.
I consider it a design flaw in PGP that this confirmation is requested even in batch mode. But anyway, KMail IMHO reacts in an unacceptable way: if you select to encrypt a message and the recipient's public key is "untrusted", the mail will be sent *unencrypted* without the slightest warning. I could imagine that the same might happen when there are other problems, not sure though.

I suggest checking whether PGP's output is really an encrypted message and otherwise giving the user a chance to abort.

Thanks,
-Malte
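One way to implement the check Malte asks for, as an added example that is not KMail's or PGP's own code: whatever the PGP program returned is inspected before it reaches the mailer, and the send is refused unless the output is a well-formed armored message whose first OpenPGP packet is a session-key packet, which is what an actually encrypted message starts with. The armor regex, `first_packet_tag`, `looks_encrypted`, `prepare_outgoing` and the constructed `FAKE_ENCRYPTED` sample are assumptions of this example, not identifiers from KMail or PGP.

```python
import base64
import binascii
import re

# Packet tags that open an OpenPGP encrypted message (RFC 4880 section 4.3).
PKESK_TAG = 1   # Public-Key Encrypted Session Key
SKESK_TAG = 3   # Symmetric-Key Encrypted Session Key

# Radix-64 armor layout from RFC 4880 section 6.2: begin line, optional
# armor headers, blank line, base64 packet data, CRC24 line, end line.
ARMOR_RE = re.compile(
    r"-----BEGIN PGP MESSAGE-----\r?\n(?:[^\r\n]+\r?\n)*\r?\n"
    r"((?:[A-Za-z0-9+/=]+\r?\n)+)"
    r"=[A-Za-z0-9+/]{4}\r?\n"
    r"-----END PGP MESSAGE-----")

def first_packet_tag(data: bytes) -> int:
    """Packet tag of the first OpenPGP packet (RFC 4880 section 4.2)."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet header")
    if data[0] & 0x40:               # new-format header: tag in the low 6 bits
        return data[0] & 0x3F
    return (data[0] >> 2) & 0x0F     # old-format header: tag in bits 2..5

def looks_encrypted(pgp_output: str) -> bool:
    """True only for a well-formed armored message whose first packet is a
    session-key packet; plaintext, a prompt, or a signed-only message fail."""
    m = ARMOR_RE.search(pgp_output)
    if not m:
        return False
    try:
        data = base64.b64decode(re.sub(r"\s", "", m.group(1)), validate=True)
        return first_packet_tag(data) in (PKESK_TAG, SKESK_TAG)
    except (ValueError, binascii.Error):
        return False

def prepare_outgoing(plaintext: str, encrypt) -> str:
    """Gate the send: refuse whatever the encryptor returned if it is not an
    encrypted message, rather than silently falling back to the plaintext."""
    out = encrypt(plaintext)
    if not looks_encrypted(out):
        raise RuntimeError("PGP did not produce an encrypted message; aborting send")
    return out

# Constructed sample (not real PGP output): an old-format PKESK packet header
# (0x84 = tag 1, one-octet length) followed by dummy body bytes.
FAKE_ENCRYPTED = ("-----BEGIN PGP MESSAGE-----\nVersion: constructed\n\n"
                  + base64.b64encode(b"\x84\x06\x03" + b"\x00" * 6).decode()
                  + "\n=AAAA\n-----END PGP MESSAGE-----\n")
```

An encryptor that echoes its input back (the failure mode described in the report) makes `prepare_outgoing` raise instead of returning the plaintext to the mailer.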