Don't Panic.
Mark Rousell
markr at signal100.com
Mon May 14 18:34:07 CEST 2018
On 14/05/2018 08:27, Robert J. Hansen wrote:
> Werner saw a preprint of this paper some time ago. I saw it recently.
> Patrick Brunschwig of Enigmail saw it. None of us are worried. Out of
> respect for the paper authors I will skip further comment until such
> time as the paper is published.
>
> It would've been nice if EFF had reached out to us for comment, rather
> than apparently only talking to the paper authors. We hope they'll
> reach out next time.
I see that the Inquirer is passing on the FUD. May I suggest that
someone authoritative gets in touch with them to correct them.
PGP is leaking your emails in plaintext and there's no known fix
<https://www.theinquirer.net/inquirer/news/3032200/pgp-is-leaking-plaintext-versions-of-your-emails-and-theres-no-known-cure>
Amongst other things this includes the following paragraph which, as I
understand it, is essentially untrue:
"There are currently no reliable fixes for the vulnerability. If you
use PGP/GPG or S/MIME for very sensitive communication, you should
disable it in your email client for now," said Sebastian Schinzel
<https://twitter.com/seecurity/status/995906576170053633>, a
professor of computer security at the University.
(Re-sent as my outgoing server got a
"451-xx.xx.xx.xx+is+not+yet+authorized+to+deliver+mail+from" error first
time round.)
--
Mark Rousell
PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180514/7e3b2f84/attachment.html>
More information about the Gnupg-users
mailing list