OpenPGP signature spoofing using HTML

Hi all,

in case you haven't already seen/read it yourselves, here [0] FYI:

"OpenPGP signature spoofing using HTML"

Shown here using Enigmail and Thunderbird as the example:

"... when HTML mails are enabled this part of the user interface can be
fully controlled by the mail sender ...
... an attacker can simply fake a signature by crafting an HTML mail that
will display the green bar ..."

It goes on to explain examples for

- KMail
- Evolution
- GPGTools plugin for Apple Mail (attack was not possible using the same technique)
- mutt (text fakes: the output of the GPG verification command within the mail; countermeasure: enabling colors for signed messages)

Best regards,
Bernd

[0] https://lwn.net/Articles/767717/

-- 
Bernd Kohler

IT Center
Department: Networks
RWTH Aachen University
Wendlingweg 10
52074 Aachen
Tel: +49 241 80-29793
Fax: +49 241 80-22666
kohler@itc.rwth-aachen.de
https://www.itc.rwth-aachen.de
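A triage heuristic for the spoofing described in this post, as an added example that is not part of the original message or the linked article: it reports whether a mail has any real OpenPGP signature structure and whether its sender-controlled body contains text imitating verification status. The marker strings, function names and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_bytes, policy
from html import unescape

# Assumed markers: status text printed by GnuPG and mutt after verification.
# Found inside a body, it was written by the sender, not by the mail client.
MARKERS = ("gpg: Signature made", "Good signature from", "[-- PGP output follows")

def has_signature_structure(msg):
    """True if the message carries PGP/MIME or inline-PGP signature data."""
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            if part.get_param("protocol") == "application/pgp-signature":
                return True
        elif ctype == "text/plain":
            if "-----BEGIN PGP SIGNED MESSAGE-----" in part.get_content():
                return True
    return False

def body_status_markers(msg):
    """Return (content_type, marker) pairs found in sender-controlled text."""
    hits = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype not in ("text/plain", "text/html"):
            continue
        text = part.get_content()
        if ctype == "text/html":
            text = unescape(re.sub(r"<[^>]+>", "", text))  # crude tag strip
        hits += [(ctype, m) for m in MARKERS if m in text]
    return hits

def triage(raw):
    """Parse raw RFC 5322 bytes and report structure plus body markers."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {"signed_structure": has_signature_structure(msg),
            "markers": body_status_markers(msg)}

# Constructed sample: unsigned HTML mail that draws its own "green bar".
SAMPLE = (b"From: sender@example.org\r\nSubject: constructed sample\r\n"
          b"MIME-Version: 1.0\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
          b'<div style="background:#cfc">Good signature from Alice '
          b"&lt;alice@example.org&gt;</div><p>Hello</p>\r\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Markers in the body together with `signed_structure` being false is the clearest case; the check is a string heuristic and does not verify any signature.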