[9099] in bugtraq
Re: Outlook 98 Security "Feature"
daemon@ATHENA.MIT.EDU (Darren Reed)
Mon Jan 18 11:33:00 1999
Date: Mon, 18 Jan 1999 20:34:55 +1100
Reply-To: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
From: Darren Reed <avalon@COOMBS.ANU.EDU.AU>
X-To: todd@INTERNETWORKING.COM
To: BUGTRAQ@NETSPACE.ORG
In-Reply-To: <000101be41c5$1893e160$9901010a@viper.securelogix.com> from "Todd Beebe" at Jan 16, 99 08:57:17 pm

In some mail from Todd Beebe, sie said:
[...]
> I don't think an encrypted email that I receive, should be unencrypted when
> I reply, and require me to Forward the reply to any and all recipients.
> Shouldn't the default be to encrypt all replies to encrypted email?
>
> Is this the standard with other email packages using encryption?

I've not used Outlook'98, just Outlook'97 but...

This appears, to me, to be a problem with the plugin for Outlook that
you are using. I've used the PGP plugins with Outlook and have not
had any problem replying to an encrypted email and encrypting the reply.
It does let you reply to encrypted email with an unencrypted email (a
potential information leak) but that's a user problem.

Btw, 6.0 appears to be the first release of PGP that works "properly"
with Outlook when it comes to correctly matching names from your
address book with those that you're addressing an email to, which in itself
opens up an interesting attack: if you can somehow fool the PGP plugin to
select the wrong destination PGP key when sending an email, from memory it
will not show you the list of destination email addresses with the matched
PGP keyids before clicking on the "send" button.

Darren