After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 252111 - Mailer defaults encrypted mail to unencrypted when responding
Mailer defaults encrypted mail to unencrypted when responding
Status: RESOLVED FIXED
Product: evolution
Classification: Applications
Component: Mailer
2.28.x (obsolete)
Other All
: Normal major
: ---
Assigned To: evolution-mail-maintainers
Evolution QA team
evolution[gpg]
: 268917 320833 343478 581474 632525 (view as bug list)
Depends on:
Blocks:
 
 
Reported: 2003-12-12 16:47 UTC by Chayim Kirshen
Modified: 2016-04-18 11:22 UTC
See Also:
GNOME target: ---
GNOME version: ---



Description Chayim Kirshen 2003-12-12 16:47:26 UTC
Please fill in this template when reporting a bug, unless you know what you
are doing.
Description of Problem:
  When I receive email that's been GPG encrypted, and then reply to it,
evolution does not re-encrypt the message.  In fact, the "PGP Encrypt"
option in the menu is unchecked.  This results in accidentally sending
unencrypted mail, repeatedly.

Steps to reproduce the problem:
1. Send yourself a gpg encrypted message
2. Reply to it in evolution
3. Read the reply, and notice that it is unencrypted

Actual Results:
  Plaintext mail is sent.

Expected Results:
   Encrypted mail should be sent.

How often does this happen? 
   100% of the time


Additional Information:
Comment 1 Jeffrey Stedfast 2004-01-06 16:16:15 UTC
probably a dup
Comment 2 Samuli Kärkkäinen 2004-12-11 23:16:32 UTC
I too find this bothersome. I don't think there has been a single case
I have not wanted to encrypted a reply to an encrypted mail.
Comment 3 André Klapper 2005-01-14 18:31:09 UTC
updating version number, still missing in 2.0.3, also want this :-)
Comment 4 André Klapper 2005-02-07 12:46:06 UTC
...or forwarding, see dup bug 268917 for this.
adding keyword.
Comment 5 André Klapper 2005-02-07 12:46:17 UTC
*** bug 268917 has been marked as a duplicate of this bug. ***
Comment 6 André Klapper 2005-02-07 12:47:13 UTC
oh, fixing typo in the summary by the way
Comment 7 André Klapper 2005-08-23 14:32:16 UTC
still in 2.3.7
Comment 8 André Klapper 2005-08-23 14:34:21 UTC
uhm, would be cool to also support inline-pgp as we're now having that gorgeous
plugin by matt (see bug 217540)... :-)
Comment 9 C Shilpa 2005-11-07 09:37:43 UTC
*** Bug 320833 has been marked as a duplicate of this bug. ***
Comment 10 Uno Engborg 2006-04-03 22:42:12 UTC
This would be a very important security enhancement. People often leave parts of the original as they make comments in their replies.  Security shouldn't rely on users remembering manually checking encrypt on their responses.

This should of course work for S/MIME as well as PGP.
Comment 11 André Klapper 2006-05-31 20:52:28 UTC
*** Bug 343478 has been marked as a duplicate of this bug. ***
Comment 12 Matthew Barnes 2008-03-11 00:24:59 UTC
Bumping version to a stable release.
Comment 13 fhd 2009-10-31 01:27:34 UTC
Has there been any progress on this issue? The report is remarkably old for such an (from my point of view) rather simple issue, and it is still unfixed as of Evolution 2.26 (didn't find anything on this in the 2.28 changelog either).

I regard this as a considerable security problem; It's dangerous to undermine people's security efforts by accidentaly replying unencrypted - some people do not find this funny at all. As a consequence, I had to use other MUAs for certain conversations just to make sure - which is annoying since Evolution is exactly what I want in all other respects.

I've seen this implemented as a boolean option like "Encrypt replies to encrypted emails" ("true" would be a sane default) which is respected when replying.

A warning shown when replying unencrypted to encrypted emails as seen in some MUAs would certainly be a plus, and I'd actually already be over the moon with just that for now.
Comment 14 Brian McNeil 2009-11-04 13:25:30 UTC
This is still an issue - And one I would expect given considerably higher priority.

I upgraded to Ubuntu 9.10 over the weekend and have just 'leaked' sensitive information because

a. In replying to an encrypted mail from a Thunderbird user, the mail was decrypted for me to read - but the reply prompted me with the ASCII-armoured message. I had to cut and paste segments from the automatically decrypted version in my Inbox.

b. There is no option to encrypt by default where you have a key, or to make certain addressbook entries as "must encrypt"

c. Any reply to an encrypted email should throw up great big warnings if you've not sending encrypted.

d. If sending to a mix of recipients where you can encrypt to some - but not all - you should get warnings, option to only send to those you can encrypt to, &c.

e. (possibly unreported elsewhere). Evolution *should* have an automatic, but disable-able option that when sending an encrypted message you get warned to "sanitise" the subject and not have anything about the message contents 'leaked' in that way.
Comment 15 Matthew Barnes 2010-06-18 13:14:17 UTC
*** Bug 581474 has been marked as a duplicate of this bug. ***
Comment 16 Akhil Laddha 2010-10-19 09:36:28 UTC
*** Bug 632525 has been marked as a duplicate of this bug. ***
Comment 17 David Ayers 2013-11-06 18:50:25 UTC
I believe that this issue has been fixed since at least Evolution 3.2.3
Replying to encrypted mails will create a new encrypted reply.
Comment 18 Christian Stadelmann 2015-10-02 14:09:06 UTC
I can confirm that this issue has been fixed. Works fine in Evolution 3.12.x and 3.16.x
Comment 19 André Klapper 2016-04-18 11:22:08 UTC
Closing as per last two comments. Thanks for retesting!