Efail or OpenPGP is safer than S/MIME
Patrick Brunschwig
patrick at enigmail.net
Thu May 17 08:59:48 CEST 2018
On 15.05.18 11:14, Andrew Gallagher wrote:
> On 14/05/18 14:44, Andrew Gallagher wrote:
>> I would humbly suggest that we stop worrying about which side of the
>> GPG/MUA fence the ball is on, and fix it on *both* sides.
>
> I have just opened tickets in both GnuPG and Enigmail for the respective
> integrity check mitigations.
>
> https://dev.gnupg.org/T3981
> https://sourceforge.net/p/enigmail/bugs/838/
>
> Please let's avoid a finger-pointing contest. Belt and braces. :-)
So, just that you are aware of the consequences of this change. I
implemented the check for "gpg: WARNING: message was not integrity
protected" in Enigmail 2.0.4.
Within 12 hours after the release I got 5 bug reports/support requests
from users who can't read their (old?) mails anymore. And the day in
Europe has only just begun -- many users did not yet upgrade ...
-Patrick
More information about the Gnupg-users
mailing list