> So basically, 1) the attacker embeds a link to the encrypted message, 2) the email client fetches and decrypts it, and then 3) sends plaintext back to the attacker.
What? The attacker embeds secure content inside a link, not a link to the content. It could come from files stored in a public place or emails.