Hi all,
I was looking at a CERT security advisory today that describes an attack using the application/pgp-encrypted MIME type to decrypt sensitive information; however, the attack scenario doesn't make a lot of sense to me.
What exactly is the threat? All I can put together is that an attacker can encrypt a malicious HTML email which, when rendered, makes HTTP requests. Not always a good thing, but no different than if a victim renders a non-encrypted HTML email anyway. Is that correct?
The paper seems to suggest that an attacker collecting encrypted data (emails) of a victim may then decipher them if the malicious HTML/PGP email is decrypted by the victim, because secret data (the private key) is sent to the attacker's web server.
Could someone clarify how this attack scenario plays out? Are these PGP/HTML mail clients actually so broken that they would send crypto secrets as part of an HTTP request while rendering a malicious email?
-George