efail -> improvements (was: Efail or OpenPGP is safer than S/MIME)

Bernhard Reiter bernhard at intevation.de
Tue May 15 08:42:02 CEST 2018

Am Montag 14 Mai 2018 22:43:56 schrieb Andrew Gallagher:
> > On 14 May 2018, at 18:32, Werner Koch <wk at gnupg.org> wrote:
> > Well okay, with the new support of the Ehtmlfail paper we could now
> > point to that paper and always hard error out if no MDC is used even for
> > old algorithms.  Shall we consider this?

> Yes, absolutely. I think this is the easiest and most effective technical
> mitigation available. 

I completely agree, the paper shows problems with the current specifications, 
backend and frontend implementations. We should (help to) fix it in all three 

Best for GnuPG would be to not display contents which did not have integrity 
protection by either:
 a) MDC
 b) AEAD
 c) a signature over the whole contents from someone where it has been
    encrypted to (if this is feasable to detect).

> With two interacting systems, neither should assume that the other
> is behaving correctly. 

Note that it is not just email clients that are in danger.
If you get a file with active contents (e.g. an HTML file, or a video 
reference) and you decrypt it as data on the command line it is fine up to 
there. But once you try to read or open it, you'll have a backchannel.

> > Yes please, I consider this the minimum requirement for HTML based
> > mails.  Why sending email when you need to go online for reading them.
> > And also disallow Javascript.  How you only need to convince the mail
> > content designers that they can't simply use the web page and send it as
> > mail.  That will be the hard part.
> Another thing we need to learn from this is that HTML elements may be a
> privacy concern in plaintext mail, but they are a *security* concern in
> encrypted mail.

People clearly seem to want a way to send files with potentially active 
elements. So in my opinion the crypto standards and backends should be 
designed to allow this in the safest way possible. 

Best Regards,

www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180515/69876dfb/attachment.sig>

More information about the Gnupg-users mailing list