efail is imho only a html rendering bug

Robert J. Hansen rjh at sixdemonbag.org
Mon May 21 19:11:16 CEST 2018


> (Only to point the finger at the real bug)

Efail is not just an HTML rendering bug.  It includes very real attacks 
against S/MIME as it's used by thousands of corporations.

It's true that the cryptanalytic attack on OpenPGP is pretty much 
nothing.  But even then, there's room to argue whether GnuPG has made it 
too easy for email clients to do the wrong thing.

Efail is not just an HTML rendering bug.  The hype around it is awful, 
but there are good things in the paper and we should be careful not to 
wash our hands of it and say "nope, not our problem..."



More information about the Gnupg-users mailing list