#eFail is #reFail
der.hans
PLUGd at LuftHans.com
Mon May 14 13:24:49 MST 2018
moin moin,
lots of news about "new" PGP and S/MIME handling security issues.
Considering GnuPG addressed it 15 years ago, it doesn't seem to be new :)
Also, email clients automatically displaying remote content has never
been safe.
Summary seems to be:
1. Using text mail rather than html mail mitigates one of the disclosed
issues.
2. Disabling old ciphers or having a mail client that properly handles
decryption warnings and/or sanitizes messages will work for the other.
See mailpile's response for the latter.
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
https://www.mailpile.is/blog/2018-05-14_PGP_Security_Alert.html
One good thing to come out of this is that I now know about mailpile :)
ciao,
der.hans
--
# https://www.LuftHans.com https://www.PhxLinux.org
# Eternal vigilance is the price of liberty. -- Thomas Jefferson
More information about the PLUG-discuss
mailing list