A postmortem on Efail

Dirk Gottschalk dirk.gottschalk1980 at googlemail.com
Sun May 20 15:51:40 CEST 2018


Hi.

On Sunday, 20.05.2018, at 02:26 -0400, Robert J. Hansen wrote:
> Writing just for myself -- not for GnuPG and not for Enigmail and
> definitely not for my employer -- I put together a postmortem on
> Efail.
> You may find it worth reading.  You may also not.  Your mileage will
> probably vary.  :)
> 
> https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08

Thank you for this really good post. You have some really good arguments.

I have used GnuPG for many, many years now and for all purposes it is usable
for. Encrypting/Signing files, emails, backups, and, as you wrote, it
is used to check packages for my distribution (Fedora). And I even
"abuse" GnuPG to do things which are not part of the "official" use
cases, but it works even in these cases.

I think the backwards compatibility should be broken to improve things.
It would be possible to implement something like --legacy to re-enable
the old functionality. This could also be implemented in email clients
and plug-ins like Enigmail as a checkbox.

Increment your number of natively OpenPGP supporting email clients
from zero to one. Evolution has this implemented. At least as an
interface to gnupg-agent.

Okay, I should say I am one of the very few users who are using
GnuPG on a regular basis for many use cases. I even have a few
Smartcards with keys and so on. And I would like to help improve
things, if help is welcome.

Again, thank you for posting this statement, it was really nice to
read.

Regards,
Dirk


-- 
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen
Tel.: +49 1573 1152350