Re: [Full-Disclosure] Signed e-mail vs. turning off HTML mail under XP
From: yossarian (yossarian_at_planet.nl)
To: Cael Abal <firstname.lastname@example.org>, email@example.com Date: Sat, 11 Oct 2003 01:41:33 +0200
> > Alas, the Continue button was just text, just as the tick box to not
> > this help screen again was not there. This means I'll have to re-enable
> > mail, and wait for the next signed mail to arrive.....to turn it off. I
> > wonder what will happen to messages that have been tampered with when I
> > turned off HTML mail? I will probably get a warning, but will not be
> > go beyond that, since it is in ASCII and that does not (AFAIK) support
> > buttons. So in order to enable signed mail, I will have to enable HTML
> > mail....
> Good evening Yossarian,
> I'm sorry, do I understand correctly when you say that the mechanism for
> verifying / managing signed e-mail seemed to be included within the
> e-mail itself -- in html, no less? Although I'm unfamiliar with
> certificate-based digitally-signed e-mail (I'm a pgp/gpg kind of guy) I
> can't help but be very suspicious.
> Also, you mentioned that the machine will be used for business purposes
> and (directly?) connected to the internet. Might I recommend against
> using OE for e-mail? Mozilla Thunderbird is what I recommend for
> Microsoft folks.
The problem is that by turning off HTML for e-mail as a security measure,
you disable the correct use of digitally signed e-mail, which by design is a
security measure. I cannot verify this behaviour for Outlook since I have no
working system with said software....
I am not saying anything about the usefullness (or the opposite) of this
signing technology or its alternatives, since everything that needs to be
said about it is all over the Internet.
Like I said, it is a new machine. Since my business IS security, I use on
some systems what Joe Average uses. So I use MS boxes in daily routine
work - it keeps me very up to date on threats. Sort of Honeypot thingie but
since it is partly production, I have to solve every prob encountered....
Living dangerously on the web.
Top O' the morning - it is past midnight!
Full-Disclosure - We believe in it.