[cp-global] #efail explained
Dawning Sun
dawning_sun at mailbox.org
Mon May 14 22:09:00 GMT 2018
Hi,
since it's a bit more complicated than "GPG/PGP is broken" I'd like to
start a thread with infos on the topic. Including what we can do
already. I'm looking forward to more infos and links from others, too.
=== What's going on? ===
I found this thread by a crypto mathematician very helpful:
https://twitter.com/matthew_d_green/status/995989254143606789
Then there's been explanations/statements by:
* GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html
* EFF:
https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0
=== What can we do ? ===
There's nothing to do if you're using Enigmail 2.0+ as it already
includes fixes and/or workarounds:
https://twitter.com/pEpFoundation/status/995993916888502273
As a general rule disabling HTML helps to lower the chances of things
going wrong. Here's how to do it in different clients:
https://twitter.com/botherder/status/995966058371670016
Ciao,
Crille.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://cryptoparty.is/pipermail/global/attachments/20180514/d83d45c2/attachment.sig>
More information about the global
mailing list