Efail or OpenPGP is safer than S/MIME

Andrew Gallagher andrewg at andrewg.com
Mon May 14 12:56:00 CEST 2018


On 14/05/18 10:42, Robert J. Hansen wrote:
> ... Yep, GnuPG will warn you the message was not integrity protected.
> Your email client should see this warning and refuse to render the message.

Yes, but that's not as serious as the error thrown for an unprotected
AES message. Do mail clients treat such warnings as fatal? Should mail
clients *ever* treat mere warnings as fatal?

I can't test here because I'm suffering from https://dev.gnupg.org/T3576
 - guess that means I'm immune! ;-)

-- 
Andrew Gallagher

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180514/88ee7659/attachment.sig>


More information about the Gnupg-users mailing list