A postmortem on Efail
Ben McGinnes
ben at adversary.org
Mon May 21 15:31:37 CEST 2018
On Sun, May 20, 2018 at 01:43:07PM -1100, Mirimir wrote:
> On 05/19/2018 11:44 PM, Aleksandar Lazic wrote:
>>
>> I do not want to create a conspiracy theory but it's wiggy that
>> EFF favors *NO* security ,pgp or s/mime, instead to fix the current
>> possibilities and promote signal.
>
> I read the EFF warning as a temporary measure, to prevent
> adversaries from sending cyphertext, and getting plaintext
> back. Until these exploits were blocked. And if necessary, to use
> Signal in the interim.
I could have given them that benefit of the doubt on the initial
article too, but the FAQ they now have on the Surveillance
Self-Defense website does rather eviscerate any hope of that:
https://ssd.eff.org/en/blog/pgp-and-efail-frequently-asked-questions
“What if I keep getting PGP emails?
You can decrypt these emails via the command line. If you prefer not
to, notify your contacts that PGP is, for the time being, no longer
safe to use in email clients and decide whether the conversation can
continue over another end-to-end encrypted platform, such as Signal.”
Because that couldn't possibly create a Chinese Whispers style
situation of self-perpetuating FUD … 🤦
Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180521/d66c2cb0/attachment.sig>
More information about the Gnupg-users
mailing list