efail is imho only a html rendering bug
Robert J. Hansen
rjh at sixdemonbag.org
Mon May 21 19:11:16 CEST 2018
> (Only to point the finger at the real bug)
Efail is not just an HTML rendering bug. It includes very real attacks
against S/MIME as it's used by thousands of corporations.
It's true that the cryptanalytic attack on OpenPGP is pretty much
nothing. But even then, there's room to argue whether GnuPG has made it
too easy for email clients to do the wrong thing.
Efail is not just an HTML rendering bug. The hype around it is awful,
but there are good things in the paper and we should be careful not to
wash our hands of it and say "nope, not our problem..."
More information about the Gnupg-users
mailing list