6.0.0-alpha10
▾
Tasks
New Task
Search
Photos
Wiki
▾
Tickets
New Ticket
Search
dev.horde.org
Toggle Alerts Log
Help
5/15/25
H
istory
A
ttachments
C
omment
W
atch
Download
Comment on [#5753] Minimize lacking PGP forward secrecy with webmail
*
Your Email Address
*
Spam protection
Enter the letters below:
.___..__ ..__..___ _/ [__) || |[__ ./__.| \__||__\|
Comment
> PGP lacks forward secrecy, i.e. once a secret key with corresponding > passphrase is known to an attacker, all prior and all future mails > can be decrypted if intercepted. Webmail applications are especially > vulnerable to keylogger (or looking over ones shoulders) attacks > because they are often used in insecure environments. Horde lets you > export the secret key thus one successfull attacks suffices to > compromise all prios and all future mails. I therefore suggest to > omit this "feature" (exporting of the secret key) in future versions. > > > > I think, it is not really important for users to export their secret > key. If they wish to have a copy on their harddisk, they should have > a secure place anyway and thus probably have the possibility to > generate a key pair on this system and import it into Horde > afterwards. If they want to change to a local mailsystem, they should > generate a new key anyway if it was possible to export the key > without their knowledge beforehand.
Attachment
Watch this ticket
N
ew Ticket
M
y Tickets
S
earch
Q
uery Builder
R
eports
Saved Queries
Open Bugs
Bugs waiting for Feedback
Open Bugs in Releases
Open Enhancements
Enhancements waiting for Feedback
Bugs with Patches
Enhancements with Patches
Release Showstoppers
Stalled Tickets
New Tickets
Horde 5 Showstoppers