AW: Efail or OpenPGP is safer than S/MIME

Fiedler Roman Roman.Fiedler at ait.ac.at
Thu May 17 13:40:41 CEST 2018 

> Von: Gnupg-users [mailto:gnupg-users-bounces at gnupg.org] Im Auftrag von
> > On 17 May 2018, at 11:50, Patrick Brunschwig <patrick at enigmail.net>
> wrote:
> >
> >> On 17.05.18 10:07, Werner Koch wrote:
> >> On Thu, 17 May 2018 08:59, patrick at enigmail.net said:
> >>
> >>> Within 12 hours after the release I got 5 bug reports/support requests
> >>
> >> Kudos to Enigmail for acting as our guinea pig.  I implemented the same
> >> thing in GPGME this morning (see my mail to enigmail users).
> >>
> >> What shall we do now?  Provide a separate tool to decrypt and clean HTML
> >> messages or add a tool to Enigmail to do just this?
> >
> > Good question... Thunderbird is working on fixing the HTML display
> > issue. But I think we should really start enforcing users to enable MDC.
> > I therefore would prefer keeping the barrier high. In any case, this is
> > nothing that I could implement with a week or two.
> 
> I agree, while it would be easy for the users to have a magic button in
> enigmail, this isn’t something we should be encouraging users to use on a
> regular basis.
> 
> IMO a better solution would be a standalone tool that you could point at a
> local Maildir and tell it to clean and re-encrypt anything it finds that is bad (for
> a given value of “bad”), and save it to a new Maildir, perhaps with an
> attachment explaining what was done. This would of course invalidate any
> signatures on the re-encrypted data, but that’s OK for the use case. It should
> not be an in-place update, nor should it work over e.g. IMAP because that
> would a) encourage people to run it in a cronjob and b) destroy the originals,
> which may be a deal breaker for archival purposes.

Sounds nice. Maybe if you combine it with the suggestions from https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060362.html (and perhaps improve my proposal, as a first guess usually cannot be the best), you could kill two birds with one stone. Hence you also could have a shorter path to get rid of old ciphers, MDCs and other backward compatibility stuff, thus increasing security and speeding up development.

LG Roman

More information about the Gnupg-users mailing list