efail is imho only a html rendering bug

Werner Koch wk at gnupg.org
Wed Jun 6 20:19:26 CEST 2018


Thanks for responding.  However, my question was related to the claims
in the paper about using CRL and OCSP as back channels.  This created the
impression that, for example, the certificates included in an encrypted
CMS object could be modified in a way that, say, the DP could be change
in the same was a a HTML img tag or to confuse the MIME parser.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180606/94fa0fa7/attachment.sig>

More information about the Gnupg-users mailing list