EFail mitigations for S/MIME

Bernhard Reiter bernhard at intevation.de
Thu May 17 08:39:23 CEST 2018

Am Donnerstag 17 Mai 2018 02:40:58 schrieb Robert J. Hansen:
> > IMHO the correct solution would be to switch to a true Authenticated
> > Encryption mode - like AES-OCB or AES-GCM.
> Tell it to the Working Group, please.  We don't get to write the RFC by
> ourselves.

As Werner pointed out:
There is already RFC6476 which uses the SMIMECapabilities attribute
as defined in STD 70 (aka rfc5751) to define a "Message Authentication Code 
(MAC) Encryption in the Cryptographic Message Syntax (CMS)"
and there is RFC8103 providing another one.

So we would need to get S/MIME application vendors to implement one of these.


www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180517/8b902c63/attachment.sig>

More information about the Gnupg-devel mailing list