On 16.06.2011 13:52, Gervase Markham wrote:
> On 11/06/11 12:03, Michael Ströder wrote:
>> This means if the user accidentally sent in contact information in an
>> e-mail footer this information is also disclosed. If not already there
>> you should put a strong hint on the web page that the signed S/MIME
>> messages should not contain any private data except e-mail address.

I've added a reminder on the keyserver website.

> The best fix for this is to allow users to send in another signed email,
> which overwrites the original one as the one that the server sends out.
> That way, even if people get it wrong, they can fix it later.

It already works exactly like this. :)

Kai