#eFail is #reFail

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MM 
MMHerminio Hernandez, Jr. at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: der.hans
Date:  
To: quatsch
Subject: #eFail is #reFail
moin moin,

lots of news about "new" PGP and S/MIME handling security issues.

Considering GnuPG addressed it 15 years ago, it doesn't seem to be new :)

Also, email clients automatically displaying remote content has never
been safe.

Summary seems to be:

1. Using text mail rather than html mail mitigates one of the disclosed
issues.

2. Disabling old ciphers or having a mail client that properly handles
decryption warnings and/or sanitizes messages will work for the other.

See mailpile's response for the latter.

https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html

https://www.mailpile.is/blog/2018-05-14_PGP_Security_Alert.html

One good thing to come out of this is that I now know about mailpile :)

ciao,

der.hans
--
# https://www.LuftHans.com https://www.PhxLinux.org
# Eternal vigilance is the price of liberty. -- Thomas Jefferson
---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.phxlinux.org/mailman/listinfo/plug-discuss
This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Re: Laptop for compiling.Re: #eFail is #reFail->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)