https://bugzilla.novell.com/show_bug.cgi?id=754594 https://bugzilla.novell.com/show_bug.cgi?id=754594#c0 Summary: kmail does ignore the encryption-settings defined in the addressbook of kontakt Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: KDE4 Applications AssignedTo: kde-maintainers@suse.de ReportedBy: stakanov@freenet.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0 Programm version: Kmail and Kontact version 4.7.2 default packages openSUSE 12.1, 64 bit, fresh install. Kmail ignores the mandatory encryption setting in Address book but fools the author with executing correctly the signature. If you set: sign always, encrypt always for a contact in the Kontact address book, only the signature settings are taken. Since the program asks for the encryption password, the author does not notice that the email will departure unencrypted but will believe it is correctly signed and encrypted. I think this is severe because this could make people send potentially sensible information and attachments unencrypted over the internet. This bug will affect also mailing-lists Reproducible: Always Steps to Reproduce: 1.create a contact in the address book. Give mandatory signature and encryption as setting for it. Safe. 2. write a mail to this contact. Do not manually select encryption or signature. 3.Signature will be selected and password asked but the mail will be send unencrypted. Actual Results: Sending your correspondence and attachment unencrypted over the internet, thinking that they have been encrypted. Expected Results: Like Kmail of KDE3: encryption password is asked and encryption is taking place according to settings. In case you deselect a mandatory option a warning is displayed that you may be going against site policy and confirmation is asked. (I do not recall, but maybe - correctly - it is even impossible to send unencrypted in KDE3 Kmail when in address book encryption and signature are obligatory. So with other words, no regression compared to the previous function.I sign this bug critical. If someone sends credit card data, or important documents encrypted, this may be a good way of having a oooops big problem, which is equivalent of loss of data (to say the minor). Since this worked before since a long time, this will fool especially but not only long-time users that habitually use encrypted email. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.