[Bug 754594] New: kmail does ignore the encryption-settings defined in the addressbook of kontakt
https://bugzilla.novell.com/show_bug.cgi?id=754594 https://bugzilla.novell.com/show_bug.cgi?id=754594#c0 Summary: kmail does ignore the encryption-settings defined in the addressbook of kontakt Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: KDE4 Applications AssignedTo: kde-maintainers@suse.de ReportedBy: stakanov@freenet.de QAContact: qa-bugs@suse.de Found By: --- Blocker: --- User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:11.0) Gecko/20100101 Firefox/11.0 Programm version: Kmail and Kontact version 4.7.2 default packages openSUSE 12.1, 64 bit, fresh install. Kmail ignores the mandatory encryption setting in Address book but fools the author with executing correctly the signature. If you set: sign always, encrypt always for a contact in the Kontact address book, only the signature settings are taken. Since the program asks for the encryption password, the author does not notice that the email will departure unencrypted but will believe it is correctly signed and encrypted. I think this is severe because this could make people send potentially sensible information and attachments unencrypted over the internet. This bug will affect also mailing-lists Reproducible: Always Steps to Reproduce: 1.create a contact in the address book. Give mandatory signature and encryption as setting for it. Safe. 2. write a mail to this contact. Do not manually select encryption or signature. 3.Signature will be selected and password asked but the mail will be send unencrypted. Actual Results: Sending your correspondence and attachment unencrypted over the internet, thinking that they have been encrypted. Expected Results: Like Kmail of KDE3: encryption password is asked and encryption is taking place according to settings. In case you deselect a mandatory option a warning is displayed that you may be going against site policy and confirmation is asked. (I do not recall, but maybe - correctly - it is even impossible to send unencrypted in KDE3 Kmail when in address book encryption and signature are obligatory. So with other words, no regression compared to the previous function.I sign this bug critical. If someone sends credit card data, or important documents encrypted, this may be a good way of having a oooops big problem, which is equivalent of loss of data (to say the minor). Since this worked before since a long time, this will fool especially but not only long-time users that habitually use encrypted email. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=754594 https://bugzilla.novell.com/show_bug.cgi?id=754594#c Stakanov Schufter <stakanov@freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- OS/Version|Other |openSUSE 12.1 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=754594 https://bugzilla.novell.com/show_bug.cgi?id=754594#c1 Stakanov Schufter <stakanov@freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Component|KDE4 Applications |KDE4 Applications Product|openSUSE 12.1 |openSUSE 12.2 Target Milestone|--- |Final OS/Version|openSUSE 12.1 |openSUSE 12.2 --- Comment #1 from Stakanov Schufter <stakanov@freenet.de> 2013-03-16 13:16:21 UTC --- As this is still the case in 12.2 I put it to 12.2 (64 bit) Following supplement: you put a contact into the Kontakt-Pim agenda. You define a default email. You define the encryption preferences for Kgpg for the named contact. Then you write an email to that contact. The encryption if set in Kontakt to: sign always, encrypt always will be ignored. More: after clicking by hand on encrypt and sign, there will be told: no preferences set for encryption (in the pop-up window). Now, if you try to set a preference there, you will be prompted with the question on "how do you want to name the new contact". Every time you give a name then, a duplicate contact for this email will be created in the agenda. But if you send the email from this contact, again the preferences will be ignored, and the circle begins again. You can send with preferences but then you will create every time a new redundante program for the email in question. You can send without preferences but you will have to select by hand. In this case at least no redundant contact will be created. This is the case for KDE 4.8.5, 4.9.5, 4.10.1 in 12.1 and 12.2. I haven't yet tried in 12.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=754594 https://bugzilla.novell.com/show_bug.cgi?id=754594#c2 Stakanov Schufter <stakanov@freenet.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Component|KDE4 Applications |KDE4 Applications Resolution| |UPSTREAM Product|openSUSE 12.2 |openSUSE 12.3 --- Comment #2 from Stakanov Schufter <stakanov@freenet.de> 2013-12-05 09:31:52 UTC --- Fixed upstream (bug reference: https://bugs.kde.org/show_bug.cgi?id=304821 in 4.11.4) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com