Efail or OpenPGP is safer than S/MIME

Robert J. Hansen rjh at sixdemonbag.org
Mon May 14 14:42:35 CEST 2018

> If I read it correctly, it also has another attack, no longer based on
> user agents concatenating HTML mime parts, but also based on CFB
> gadgets. Which, here, looks like a flaw in the OpenPGP specification
> indeed (and thus GnuPG's implementation of it), and not in MUAs?

MDCs stop it dead.  If a message has no MDC or an invalid MDC, GnuPG
_will_ warn you about it.  Now, whether your email client does the right
thing upon being warned, that's between you and your email client...

More information about the Gnupg-users mailing list