Efail or OpenPGP is safer than S/MIME

Leo Gaspard gnupg at leo.gaspard.ninja
Mon May 14 12:55:13 CEST 2018


On 05/14/2018 09:45 AM, Werner Koch wrote:> The topic of that paper is
that HTML is used as a back channel to create
> an oracle for modified encrypted mails.  It is long known that HTML
> mails and in particular external links like <img href="tla.org/TAG"/>
> are evil if the MUA actually honors them (which many meanwhile seem to
> do again; see all these newsletters).  Due to broken MIME parsers a
> bunch of MUAs seem to concatenate decrypted HTML mime parts which makes
> it easy to plant such HTML snippets.

The full details appear to be out [1].

If I read it correctly, it also has another attack, no longer based on
user agents concatenating HTML mime parts, but also based on CFB
gadgets. Which, here, looks like a flaw in the OpenPGP specification
indeed (and thus GnuPG's implementation of it), and not in MUAs?


[1] https://efail.de/



More information about the Gnupg-users mailing list