Bug 736756 – seahorse leaks private information by using non-encrypted hkp protocol to keyservers

After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.

Bug 736756 - seahorse leaks private information by using non-encrypted hkp protocol to keyservers


Summary:	seahorse leaks private information by using non-encrypted hkp protocol to key...


Status:	RESOLVED DUPLICATE of bug 617383

Product:	seahorse
Classification:	Applications
Component:	general
Version:	git master
Hardware:	Other Windows

Importance:	Normal critical
Target Milestone:	---
Assigned To:	Seahorse Maintainer
QA Contact:	Seahorse Maintainer

URL:
Whiteboard:

Depends on:
Blocks:

Reported:	2014-09-16 15:44 UTC by Christian Stadelmann
Modified:	2014-09-17 07:02 UTC

See Also:
GNOME target:	---
GNOME version:	---

Description Christian Stadelmann 2014-09-16 15:44:50 UTC

Seahorse by default uses the hkp:// protocol, not hkps:// and thus leaks private information (retrieved keys, uploaded keys) and widens the attack surface for man-in-the-middle-attacks. This is a very bad idea.

Comment 1 Stef Walter 2014-09-17 07:02:52 UTC

This is a duplicate of bug #617383.

That said, nobody seems to be actively working on that bug. If you would like to contribute towards fixing this, that would be very welcome.

*** This bug has been marked as a duplicate of bug 617383 ***