However, the way it is implemented now, this leads to also not loading the signature attachment. The fix was originally intended to stop the Mail app from loading HTML content without the user's consent. The user won't be able to have the message signature verified without loading potentially dangerous remote content.Loading remote content is considered a security problem that can even lead to the leakage of encrypted content as described by EFAIL.I even consider this a severe security problem because: It makes no sense that the verification of signatures is dependent on loading remote content, because the signature file is an inline attachment.I consider this a major bug for the following reasons: However, for security reasons, it is not recommended to load remote content unless it is from a trusted source.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
December 2022
Categories |