efail -> improvements (was: Efail or OpenPGP is safer than S/MIME)
Bernhard Reiter
bernhard at intevation.de
Tue May 15 08:52:45 CEST 2018
.. to only display contents if there was integrity protection by either
> a) MDC
> b) AEAD
> c) a signature over the whole contents from someone where it has been
> encrypted to (if this is feasable to detect).
if users or frontends still want to show contents, to me it seems good if
* there is a very explicit disable-safety-button
* ideally working only for one encryption, so it has been issued explicitely
each time
* a warning against active content which may become active much later
* an attempt to prevent active backchannels as much as possible
(e.g. by only showing plain text and saving as plain-text suffix)
would need to be put in the documentation so GnuPG frontends know.
Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180515/43d22743/attachment.sig>
More information about the Gnupg-users
mailing list