Efail or OpenPGP is safer than S/MIME

Werner Koch wk at gnupg.org
Tue May 15 09:58:01 CEST 2018

On Mon, 14 May 2018 22:43, andrewg at andrewg.com said:

> If we believe that there will be more encrypted messages in the future than there have been in the past, then protecting those future messages takes priority, especially if an upgrade pathway exists. 

Unless you change the default options of gpg or you encrypt to at least
one old key there is no problem at all.  I assume that 99.9% of all GPG
created messages are safe because they use MDC in away which allows the
receiving GPG to hard fail if the MDC was stripped.

> As an aside, I think we have to be careful about the meaning of “use”. They are not used by default in encryption, but they are in decryption. I’ve had multiple conversations today over this ambiguity. 

Right.  However, if someone sends you a message using an old algorithm
you can't do anything about it.  We can assume that those who do not
have sane software or configuration also miss other important security
precautions so that there are many other and easier ways to get to the
plaintext than an active MitM or a replay of modified messages.

> I think also that we should be mindful that “be strict about what you send but liberal about what you receive” is great advice for interoperability, but absolutely disastrous advice for security. 

I fully agree.

> But encryption has to change this risk analysis - in an encrypted mail
> there can’t be an easy override because the stakes are much higher and
> people are easily tempted. When we have a system like

Right.  When you use encryption you can make a concious decision to keep
the data confidential or public.

> tbird+enigmail+gpg where there are *three* interacting components,

Plugins are a real problem but I think we are doing anywat great given
that the native encryption stuff is not much better (Efail tested in
Outlook the internal S/MIME which is vulnerable and the GpgOL plugin
for OpenPGP which is not vulnerable).

I would really be good if the Mozilla folks would work closer together
with Enigmail and not reject the idea of including OpenPGP which they
more or less did since about 2000.



#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180515/ffcc1741/attachment.sig>

More information about the Gnupg-users mailing list