[Enigmail] identifiable MIME boundaries

Daniel Kahn Gillmor dkg at fifthhorseman.net
Fri Apr 19 04:09:26 CEST 2013


hi enigmail folks--

package/mimeEncrypt.js contains two hardcoded references to "enig2" that
are used to create the MIME boundaries when using PGP/MIME.

In many circumstances it is not a problem to leak the information that
the mail sender is using enigmail specifically, but there are some users
and some use cases where the user does not want to reveal their choice
of software.

See, for example, Tor's documentation about thunderbird and enigmail:

 https://trac.torproject.org/projects/tor/raw-attachment/wiki/doc/TorifyHOWTO/EMail/Thunderbird/Thunderbird%2BTor.pdf

Is there a reason to use the "enig2" prefix in package/mimeEncrypt.js at
all?  Would it be possible to simply remove it (and maybe extend the
size of the string returned by createBoundary() ?  The attached patch
implements the suggestion.

Alternately, if a fixed prefix is necessary for the boundary (i don't
know why that would be), maybe we could move that fixed prefix into an
enigmail preference, so that users could override it if they needed?

	--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: deidentify-mime-boundary.diff
Type: text/x-patch
Size: 1270 bytes
Desc: not available
URL: <https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/attachments/20130418/3ac2bbf3/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 1027 bytes
Desc: OpenPGP digital signature
URL: <https://lists.enigmail.net/pipermail/enigmail-users_enigmail.net/attachments/20130418/3ac2bbf3/attachment-0001.bin>


More information about the enigmail-users mailing list