[Autocrypt] EFF Warning about PGP ...
holger krekel
holger at merlinux.eu
Mon May 14 09:06:33 EDT 2018
On Mon, May 14, 2018 at 13:34 +0200, Patrick Brunschwig wrote:
> On 14.05.18 10:43, holger krekel wrote:
> >
> > (via azul/irc) the EFF put out a warning yesterday about PGP:
> >
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-tak
> > e-action-now
> >
> > Could anyone shed more light, keep track, comment?
> >
> > K-9 and Delta don't use "gpg" but i am unsure
> > if it's "just" gpg related or something else.
>
> The problem is that the authors of the study mix a few errors. The
> attack is against email clients, and one of the attack describes that
> clients disregard missing or wrong MDC. If K-9 and Delta check that MDC
> is available and correct, then they are not affected by that part of the
> "Efail" document.
>
> Other parts of the vulnerabilities have nothing to do with MDC, but
> cover aspects of how HTML messages are treated. AFAIK, this mostly
> affects Thunderbird (and thus also Enigmail). I'm particularly unhappy
> with the recommendation of the EFF to uninstall various OpenPGP tools,
> especially as some of these tools are not affected, or are already fixed.
indeed. Let me rephrase this in another way and see if i understood
this correctly yet.
The attack is that a machine in the mail-transit pipeline
can **modify** the encryption such as to leak the cleartext --
and this only happens with particular e-mail impls and settings.
FYI Vincent pointed me to page 11 of the "efail attack" paper:
https://efail.de/efail-attack-paper.pdf
there is a table with affected clients.
But disabling encryption means that mails go in cleartext [*]
which means a MITM machine can read the cleartext directly.
So I don't quite get yet what this "urgent, disable pgp everywhere"
has to do with responsible disclosure. What attack vector
am i missing? How is this super-urgency warranted?
holger
[*] recommending "signal" here is not sufficient as you can not convert
all e-mail communication to signal, the one is "subject/document" based,
ther other is chat-message based. Also signal is blocked in several countries,
see the recent stories about signal's domain-fronting become problematic.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
URL: <http://lists.mayfirst.org/pipermail/autocrypt/attachments/20180514/face7461/attachment.sig>
More information about the Autocrypt
mailing list