Efail or OpenPGP is safer than S/MIME

Patrick Brunschwig patrick at enigmail.net
Thu May 17 08:59:48 CEST 2018


On 15.05.18 11:14, Andrew Gallagher wrote:
> On 14/05/18 14:44, Andrew Gallagher wrote:
>> I would humbly suggest that we stop worrying about which side of the
>> GPG/MUA fence the ball is on, and fix it on *both* sides.
> 
> I have just opened tickets in both GnuPG and Enigmail for the respective
> integrity check mitigations.
> 
> https://dev.gnupg.org/T3981
> https://sourceforge.net/p/enigmail/bugs/838/
> 
> Please let's avoid a finger-pointing contest. Belt and braces. :-)

So, just that you are aware of the consequences of this change. I
implemented the check for "gpg: WARNING: message was not integrity
protected" in Enigmail 2.0.4.

Within 12 hours after the release I got 5 bug reports/support requests
from users who can't read their (old?) mails anymore. And the day in
Europe has only just begun -- many users did not yet upgrade ...

-Patrick



More information about the Gnupg-users mailing list