EFail mitigations for S/MIME (was: efail -> improvements in case w/o AE (e.g. CMS))

Andre Heinecke aheinecke at intevation.de
Tue May 15 14:31:37 CEST 2018


Hi,

I think Bernhard's mail can be summed up further. To check that the encrypted 
data was not manipulated we only need:

- Any hash over the plaintext.

To get such a hash we can most easily use a signature, regardless of any trust 
in the signature. The hash does not need to be encrypted.

If we have no hash we won't offer to save a decrypted file from a GUI or show 
it in an HTML-enabled mail client. This would disallow encrypt-then-sign 
schemes, but in practice everyone uses sign-then-encrypt anyway.

Best regards,
Andre

-- 
Andre Heinecke |  ++49-541-335083-262  | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
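
Added example, not part of the original message and not GnuPG code: a sketch of the gate proposed above, which releases decrypted data only when a hash over the plaintext is present and matches. The toy stream cipher, the function names and the sample message are assumptions constructed for illustration; the SHA-256 digest stands in for the hash a signature would carry, and it is passed in the clear.

```python
import hashlib
import hmac


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy unauthenticated stream cipher (SHA-256 in counter mode).

    Stand-in for a malleable non-AE encryption mode; XOR makes it its own
    inverse. Constructed for this example, not for real use.
    """
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)


def release_plaintext(key: bytes, ciphertext: bytes, plaintext_digest):
    """Return the decrypted bytes only if a hash over the plaintext matches.

    plaintext_digest is None when the message carried no signature or hash.
    Returning None means: do not offer to save, do not render as HTML.
    """
    plaintext = keystream_xor(key, ciphertext)
    if plaintext_digest is None:
        return None  # no hash over the plaintext: nothing to check against
    actual = hashlib.sha256(plaintext).digest()
    if not hmac.compare_digest(actual, plaintext_digest):
        return None  # decrypted data differs from what the sender hashed
    return plaintext


# Constructed sample data (assumption, not from the thread).
KEY = b"constructed-demo-key"
MESSAGE = b"Content-Type: text/html\r\n\r\n<p>quarterly figures attached</p>"
DIGEST = hashlib.sha256(MESSAGE).digest()   # travels unencrypted
CIPHERTEXT = keystream_xor(KEY, MESSAGE)
# One flipped bit in transit: without AE, decryption itself raises no error.
TAMPERED = bytes([CIPHERTEXT[0] ^ 0x01]) + CIPHERTEXT[1:]

if __name__ == "__main__":
    for label, ct, digest in (("intact", CIPHERTEXT, DIGEST),
                              ("tampered", TAMPERED, DIGEST),
                              ("no hash", CIPHERTEXT, None)):
        ok = release_plaintext(KEY, ct, digest) is not None
        print(f"{label}: {'release' if ok else 'withhold'}")
```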