search

Meddington / OutlookPrivacyPlugin

A PGP encryption plugin for Outlook 2010, 2013 and 2016.
BSD 3-Clause "New" or "Revised" License
272 stars 59 forks source link

Encrypt/Sign for new emails is global rather than per-email (making it easy to shoot yourself in the foot). #18

Closed BuildTheRobots closed 10 years ago

BuildTheRobots commented 10 years ago

(raised on the google-code issue tracker a fortnight ago and gives no indication of being seen, so...)

What version of Windows? Windows 7 Professional (x64)

What version of Outlook (2010, 2013, x86/x64)? Office 2010 (14.0.6023.1000, 32bit)

What steps will reproduce the problem?

  1. Outlook is configured not to automatically encrypt/sign new emails.
  2. Start writing a new email. Tell Outlook to encrypt+sign
  3. Open a second email composition window.
  4. The second email is not encrypted (as expected). Creating the new email disables encryption on the first message (not expected)
  5. Send first email, now accidentally un-encrypted. Be visited by the fail-whale.

What is the expected output? What do you see instead? The expectation is that sign/encrypt options apply to the specific email, however they apply globally, making it extremely easy to shoot yourself in the foot and accidentally send emails as plain text even when you've specifically told them to be encrypted.

Please provide any additional information below.

Hope this makes sense, happy to provide more detail or video if needed.

Meddington commented 10 years ago

Thanks for the bug report, that's a good one! I'll look into it.

Meddington commented 10 years ago

Fixed in beta 38

BuildTheRobots commented 10 years ago

Aces; thank you. Will test as soon as B38 is available for download.

Meddington commented 10 years ago

Check out release 38, should be fixed.

On May 28, 2014, at 9:57 AM, BuildTheRobots notifications@github.com wrote:

(raised on the google-code issue tracker a fortnight ago and gives no indication of being seen, so...)

What version of Windows? Windows 7 Professional (x64)

What version of Outlook (2010, 2013, x86/x64)? Office 2010 (14.0.6023.1000, 32bit)

What steps will reproduce the problem?

  1. Outlook is configured not to automatically encrypt/sign new emails.
  2. Start writing a new email. Tell Outlook to encrypt+sign
  3. Open a second email composition window.
  4. The second email is not encrypted (as expected). Creating the new email disables encryption on the first message (not expected)
  5. Send first email, now accidentally un-encrypted. Be visited by the fail-whale.

What is the expected output? What do you see instead? The expectation is that sign/encrypt options apply to the specific email, however they apply globally, making it extremely easy to shoot yourself in the foot and accidentally send emails as plain text even when you've specifically told them to be encrypted.

Please provide any additional information below.

Hope this makes sense, happy to provide more detail or video if needed.

— Reply to this email directly or view it on GitHub.

BuildTheRobots commented 10 years ago

tested and working in .38, however issue 17 seems to be far more apparent now.

https://github.com/dejavusecurity/OutlookPrivacyPlugin/issues/17