efail -> improvements (was: Efail or OpenPGP is safer than S/MIME)

Bernhard Reiter bernhard at intevation.de
Tue May 15 08:52:45 CEST 2018

.. to only display contents if there was integrity protection by either

>  a) MDC
>  b) AEAD
>  c) a signature over the whole contents from someone where it has been
>     encrypted to (if this is feasable to detect).

if users or frontends still want to show contents, to me it seems good if

* there is a very explicit disable-safety-button
* ideally working only for one encryption, so it has been issued explicitely
  each time
* a warning against active content which may become active much later
* an attempt to prevent active backchannels as much as possible
  (e.g. by only showing plain text and saving as plain-text suffix)

would need to be put in the documentation so GnuPG frontends know.


www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180515/43d22743/attachment.sig>

More information about the Gnupg-users mailing list