efail -> improvements (was: Efail or OpenPGP is safer than S/MIME)
bernhard at intevation.de
Tue May 15 08:42:02 CEST 2018
On Monday 14 May 2018 22:43:56, Andrew Gallagher wrote:
> > On 14 May 2018, at 18:32, Werner Koch <wk at gnupg.org> wrote:
> > Well okay, with the new support of the Ehtmlfail paper we could now
> > point to that paper and always hard error out if no MDC is used even for
> > old algorithms. Shall we consider this?
> Yes, absolutely. I think this is the easiest and most effective technical
> mitigation available.
I completely agree, the paper shows problems with the current specifications,
backend and frontend implementations. We should (help to) fix it in all three
Best for GnuPG would be to not display contents which did not have integrity
protection by either:
c) a signature over the whole contents from someone where it has been
encrypted to (if this is feasible to detect).
> With two interacting systems, neither should assume that the other
> is behaving correctly.
Note that it is not just email clients that are in danger.
If you get a file with active contents (e.g. an HTML file, or a video
reference) and you decrypt it as data on the command line it is fine up to
there. But once you try to read or open it, you'll have a backchannel.
> > Yes please, I consider this the minimum requirement for HTML based
> > mails. Why sending email when you need to go online for reading them.
> > content designers that they can't simply use the web page and send it as
> > mail. That will be the hard part.
> Another thing we need to learn from this is that HTML elements may be a
> privacy concern in plaintext mail, but they are a *security* concern in
> encrypted mail.
People clearly seem to want a way to send files with potentially active
elements. So in my opinion the crypto standards and backends should be
designed to allow this in the safest way possible.
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
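
Added example (not part of the original message, and not GnuPG or mail-client code): a front-end check that withholds decrypted content unless gpg's `--status-fd` output reports a verified MDC, so the front end does not rely on the backend alone. The status samples are constructed; AEAD-protected messages and the signature case (c) above are not covered.

```python
# Added example: gate display of decrypted content on gpg --status-fd output.
# Not GnuPG or mail-client code; the status samples below are constructed.
PREFIX = "[GNUPG:] "

def plaintext_may_be_shown(status_output: str) -> bool:
    """True only if gpg reported a successful decryption with a verified MDC."""
    decryption_ok = good_mdc = False
    for line in status_output.splitlines():
        if not line.startswith(PREFIX):
            continue  # ignore anything that is not a status line
        fields = line[len(PREFIX):].split()
        if not fields:
            continue
        keyword, args = fields[0], fields[1:]
        if keyword in ("BADMDC", "DECRYPTION_FAILED"):
            return False  # modified ciphertext or failed decryption
        if keyword == "DECRYPTION_INFO" and (not args or args[0] == "0"):
            return False  # mdc_method 0: data without integrity protection
        if keyword == "GOODMDC":
            good_mdc = True
        elif keyword == "DECRYPTION_OKAY":
            decryption_ok = True
    # Fail closed: missing or truncated status output never releases plaintext.
    return decryption_ok and good_mdc

WITH_MDC = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 1526366522
[GNUPG:] GOODMDC
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""
NO_MDC = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 3
[GNUPG:] PLAINTEXT 62 1526366522
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION
"""
BAD_MDC = """\
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION
"""

if __name__ == "__main__":
    for name, s in (("with MDC", WITH_MDC), ("no MDC", NO_MDC), ("bad MDC", BAD_MDC)):
        print(name, "->", "show" if plaintext_may_be_shown(s) else "withhold")
```

The `NO_MDC` sample is the case the thread is about: the backend reports `DECRYPTION_OKAY`, yet the check still withholds the content because no integrity protection was verified.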