A postmortem on Efail

Mirimir mirimir at riseup.net
Mon May 21 02:43:07 CEST 2018

On 05/19/2018 11:44 PM, Aleksandar Lazic wrote:
> Hi Robert.
> On 20/05/2018 02:26, Robert J. Hansen wrote:
>> Writing just for myself -- not for GnuPG and not for Enigmail and
>> definitely not for my employer -- I put together a postmortem on Efail.
>> You may find it worth reading.  You may also not.  Your mileage will
>> probably vary.  :)
>> https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08
> As a long time reader and partly gpg user I would like to thank you for
> the post.
>>From my point of view must be something more behind the curtain.
> I do not want to create a conspiracy theory but it's wiggy that
> EFF favors *NO* security ,pgp or s/mime, instead to fix the current
> possibilities and promote signal.

I read the EFF warning as a temporary measure, to prevent adversaries
from sending cyphertext, and getting plaintext back. Until these
exploits were blocked. And if necessary, to use Signal in the interim.


More information about the Gnupg-users mailing list