Efail or OpenPGP is safer than S/MIME

Robert J. Hansen rjh at sixdemonbag.org
Mon May 14 14:42:35 CEST 2018

> If I read it correctly, it also has another attack, no longer based on
> user agents concatenating HTML MIME parts, but also based on CFB
> gadgets. Which, here, looks like a flaw in the OpenPGP specification
> indeed (and thus GnuPG's implementation of it), and not in MUAs?

MDCs stop it dead.  If a message has no MDC or an invalid MDC, GnuPG
_will_ warn you about it.  Now, whether your email client does the right
thing upon being warned, that's between you and your email client...
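
Added example, not part of the original message and not GnuPG or mail-client code: one way a client could act on the warning described above, by reading the status lines GnuPG writes with `--status-fd` and releasing plaintext only when the MDC was confirmed. The function names and the policy are hypothetical, and the sample status outputs are constructed.

```python
# Gate decrypted output on GnuPG's machine-readable status lines.
GNUPG_PREFIX = "[GNUPG:] "

def status_keywords(status_text):
    """Return the status keywords from `gpg --status-fd` output, in order."""
    words = []
    for line in status_text.splitlines():
        if line.startswith(GNUPG_PREFIX):      # skip human-readable "gpg: ..." lines
            fields = line[len(GNUPG_PREFIX):].split()
            if fields:
                words.append(fields[0])
    return words

def may_release_plaintext(status_text):
    """Hypothetical client policy: return (release, reason). Fails closed."""
    seen = set(status_keywords(status_text))
    if "BADMDC" in seen:
        return False, "invalid MDC"
    if "DECRYPTION_FAILED" in seen:
        return False, "decryption failed"
    if "DECRYPTION_OKAY" not in seen:
        return False, "no DECRYPTION_OKAY"
    if "GOODMDC" not in seen:                  # decrypted, but integrity never confirmed
        return False, "no MDC confirmation"
    return True, "MDC verified"

# Constructed sample status streams (not captured from a real run).
SAMPLE_GOOD = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_INFO 2 9\n"
               "[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] GOODMDC\n"
               "[GNUPG:] END_DECRYPTION\n")
SAMPLE_BAD = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] BADMDC\n"
              "[GNUPG:] DECRYPTION_FAILED\n[GNUPG:] END_DECRYPTION\n")
SAMPLE_NO_MDC = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_INFO 0 9\n"
                 "gpg: WARNING: message was not integrity protected\n"
                 "[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION\n")

if __name__ == "__main__":
    for name, text in (("good", SAMPLE_GOOD), ("bad", SAMPLE_BAD),
                       ("no-mdc", SAMPLE_NO_MDC)):
        print(name, may_release_plaintext(text))
```

GnuPG can emit plaintext before it reaches the MDC at the end of the message, so a client using a check like this has to buffer the output and apply the verdict before rendering anything.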

