[Autocrypt] EFF Warning about PGP ...
Patrick Brunschwig
patrick at enigmail.net
Mon May 14 07:34:40 EDT 2018
On 14.05.18 10:43, holger krekel wrote:
>
> (via azul/irc) the EFF put out a warning yesterday about PGP:
>
> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-tak
> e-action-now
>
> Could anyone shed more light, keep track, comment?
>
> K-9 and Delta don't use "gpg" but i am unsure
> if it's "just" gpg related or something else.
The problem is that the authors of the study mix a few errors. The
attack is against email clients, and one of the attack describes that
clients disregard missing or wrong MDC. If K-9 and Delta check that MDC
is available and correct, then they are not affected by that part of the
"Efail" document.
Other parts of the vulnerabilities have nothing to do with MDC, but
cover aspects of how HTML messages are treated. AFAIK, this mostly
affects Thunderbird (and thus also Enigmail). I'm particularly unhappy
with the recommendation of the EFF to uninstall various OpenPGP tools,
especially as some of these tools are not affected, or are already fixed.
-Patrick
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mayfirst.org/pipermail/autocrypt/attachments/20180514/c4ac33e0/attachment.sig>
More information about the Autocrypt
mailing list