markr at signal100.com
Mon May 14 18:34:07 CEST 2018
On 14/05/2018 08:27, Robert J. Hansen wrote:
> Werner saw a preprint of this paper some time ago. I saw it recently.
> Patrick Brunschwig of Enigmail saw it. None of us are worried. Out of
> respect for the paper authors I will skip further comment until such
> time as the paper is published.
> It would've been nice if EFF had reached out to us for comment, rather
> than apparently only talking to the paper authors. We hope they'll
> reach out next time.
I see that the Inquirer is passing on the FUD. May I suggest that
someone authoritative gets in touch with them to correct them.
PGP is leaking your emails in plaintext and there's no known fix
Amongst other things this includes the following paragraph which, as I
understand it, is essentially untrue:
"There are currently no reliable fixes for the vulnerability. If you
use PGP/GPG or S/MIME for very sensitive communication, you should
disable it in your email client for now," said Sebastian Schinzel
professor of computer security at the University.
(Re-sent as my outgoing server got a
"451-xx.xx.xx.xx+is+not+yet+authorized+to+deliver+mail+from" error first
PGP public key: http://www.signal100.com/markr/pgp
Key ID: C9C5C162
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Gnupg-users