Enigmail - The green bar

Stefan Claas

Jun 14, 2017, 1:40:37 PM
Hi all,

A question for users who are using Thunderbird with Enigmail.
Let's assume you have carefully checked the public keys of your
communication partners and you decided to locally sign each other's
public key, so that you always have the green bar from Enigmail
displayed in Thunderbird's window. Now let's assume (theoretically) that
Mallory gets access to your computer and replaces a public key from
one of your communication partners with a fake one and which Mallory
assigns trust level "Ultimate", so that it shows up in Thunderbird /
Enigmail with a green bar too. How would you detect this? Do you always
write down the complete fingerprint of each key on a piece of paper and
compare it with the result on your monitor?

Regards
Stefan

ima...@gmail.com

Sep 29, 2017, 10:32:49 AM
On Wednesday, June 14, 2017 at 11:40:37 AM UTC-6, Stefan Claas wrote:
[...]
> Mallory gets access to your computer and replaces a public key from
> one of your communication partners with a fake one and which Mallory
> assigns trust level "Ultimate", so that it shows up in Thunderbird /
[...]

Whenever someone breaches security and gains complete access to do such things it is bad... real bad. This is not a PGP issue but a top security issue on your entire system and you need ways to detect if someone was able to do this or there is nothing you can trust on your own system!

Stefan Claas

Sep 30, 2017, 3:52:47 AM
Agreed. I only wanted to point out this possibility, like for example
you work in a place where people who want to do bad things would
do this while you are at your lunch break and forgot to lock your
computer.

Regards
Stefan

--
https://www.behance.net/futagoza
https://keybase.io/stefan_claas
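
An added example (not part of the thread, and not Enigmail or GnuPG code) of the comparison asked about in the first post: it parses GnuPG's colon-delimited key listing, checks each correspondent's fingerprint against a pinned list, and flags any key with ultimate ownertrust that is not your own. The function names, pinned list and sample listing are constructed for illustration, and the pinned fingerprints are assumed to be kept off the machine being checked.

```python
def parse_colons(listing):
    """Map primary-key fingerprint -> ownertrust and user IDs from `gpg --with-colons`."""
    keys, cur = {}, None
    for line in listing.splitlines():
        f = line.split(":") + [""] * 10          # pad short records
        if f[0] == "pub":                        # field 9 (index 8) is the ownertrust
            cur = {"fpr": None, "ownertrust": f[8], "uids": [f[9]] if f[9] else []}
        elif f[0] == "fpr" and cur is not None and cur["fpr"] is None:
            cur["fpr"] = f[9]                    # first fpr after pub is the primary key,
            keys[f[9]] = cur                     # later fpr records belong to subkeys
        elif f[0] == "uid" and cur is not None:
            cur["uids"].append(f[9])
    return keys

def audit(keys, pinned, own_fprs):
    """pinned: {email: fingerprint verified out of band}; own_fprs: your own keys."""
    findings = []
    for fpr, key in keys.items():
        if key["ownertrust"] == "u" and fpr not in own_fprs:
            findings.append(("unexpected-ultimate-trust", fpr))
        for email, good in pinned.items():
            if fpr != good and any(f"<{email}>" in uid for uid in key["uids"]):
                findings.append(("fingerprint-mismatch", email, fpr))
    return findings

# Live input would be the output of: gpg --with-colons --fingerprint --list-keys
# Constructed sample: Alice's key has been swapped for one with a different fingerprint.
OWN, ALICE, FAKE, BOB = "1" * 40, "A" * 40, "B" * 40, "C" * 40
FPR = "fpr" + ":" * 9                            # fingerprint sits in field 10
SAMPLE = "\n".join([
    "pub:u:4096:1:1111111111111111:1400000000:::u:::scESC:",
    FPR + OWN + ":",
    "uid:u::::1400000000::X::Me <me@example.org>:",
    "sub:u:4096:1:2222222222222222:1400000000::::::e:",
    FPR + "2" * 40 + ":",
    "pub:u:4096:1:BBBBBBBBBBBBBBBB:1497400000:::u:::scESC:",
    FPR + FAKE + ":",
    "uid:u::::1497400000::X::Alice <alice@example.org>:",
    "pub:f:4096:1:CCCCCCCCCCCCCCCC:1400000000:::-:::scESC:",
    FPR + BOB + ":",
    "uid:f::::1400000000::X::Bob <bob@example.org>:",
])
PINNED = {"alice@example.org": ALICE, "bob@example.org": BOB}

if __name__ == "__main__":
    for finding in audit(parse_colons(SAMPLE), PINNED, {OWN}):
        print(finding)
```
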