[cp-global] #efail explained

Dawning Sun dawning_sun at mailbox.org
Mon May 14 22:09:00 GMT 2018


Hi,

since it's a bit more complicated than "GPG/PGP is broken" I'd like to
start a thread with infos on the topic. Including what we can do
already. I'm looking forward to more infos and links from others, too.

=== What's going on? ===

I found this thread by a crypto mathematician very helpful:
https://twitter.com/matthew_d_green/status/995989254143606789

Then there's been explanations/statements by:

* GnuPG: https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html
* EFF:
https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0

=== What can we do ? ===

There's nothing to do if you're using Enigmail 2.0+ as it already
includes fixes and/or workarounds:
https://twitter.com/pEpFoundation/status/995993916888502273

As a general rule disabling HTML helps to lower the chances of things
going wrong. Here's how to do it in different clients:
https://twitter.com/botherder/status/995966058371670016


Ciao,
Crille.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: OpenPGP digital signature
URL: <http://cryptoparty.is/pipermail/global/attachments/20180514/d83d45c2/attachment.sig>


More information about the global mailing list