A postmortem on Efail

Ben McGinnes ben at adversary.org
Mon May 21 19:12:44 CEST 2018

On Mon, May 21, 2018 at 08:51:17AM -0400, Robert J. Hansen wrote:
>> That being the *incredibly* unhelpful and likely actively harmful
>> recommendation to remove encryption and decryption functionality from
>> vulnerable MUAs.
> I blame the EFF for that more than I blame the Efail developers.  I
> expect the people who develop new attacks to overstate their
> importance: it's not out of any intent to deceive, it's just that
> they're too close to the problem to have a clear perspective on the
> user impact.

That is a good point and a fairly common situation; possibly the
second most common form of engineering blindness (the first one being
having a favourite tool and applying it to every problem regardless of
relevance — when armed with one's favourite hammer, everything looks
like a nail).

> The EFF, though...

Indeed …

> But even then, I have some sympathy for their position.  The EFF
> works with many different activists in many different countries
> running many different setups.  They were in a difficult situation
> of needing to put out a press release that had useful
> recommendations for everyone, left no one out in the cold, while
> still not raising a panic.

Had their publications been limited to the articles on the 13th and
14th, I could buy that.  Unfortunately the updates to the SSD website
on the 15th really strain things, especially the FAQ.  Not only is it
potentially panic-inducing, but they recommend an approach of having
end users campaign against using OpenPGP at all with all of their
contacts with no regard for what additional circumstances those
contacts have.

They've literally created a FUD-virus as a meme which will
self-replicate throughout the web-of-trust.  I'm sure we'll be
encountering people advising others not to use OpenPGP long after the
last of those affected MUAs are patched and *that* is stretching the
edges of the term reckless (as it is usually used in legislation,
e.g. reckless endangerment of life as opposed to, say, wilful
endangerment of life).

I also don't believe they can actually fix this now that they've
created it without a complete reversal of their current position;
which they can't do because of the MUAs which are affected and some
users could be targeted.  By the time the conditions are such that
they can consistently give the “all clear” on the matter, the
FUD-virus will have spread too far and be too independent of them to
stop (but will still gain credibility and traction by trading off
their name and reputation).

> Let me be clear: I think the EFF behaved irresponsibly.  But I can
> be sympathetic to their situation, too.  It's not a one-or-the-other
> thing.

Sure; doing nothing and ignoring the affected MUAs does no one any
good, but this response is likely to do more harm than the thing it's
intended to stop and it didn't have to be that way.

Not to mention the little matter that their sole recommendation of a
viable alternative in all circumstances is a service which is entirely
dependent on a centralised server (or network of servers).  One which
explicitly cannot be implemented in a federated manner and all
attempts to fork it in order to do precisely that have been abandoned
as a result of Moxie's opposition to them trying to connect to his
network to communicate with Signal users.

It's simply not a complete replacement in spite of EFF's wish that it
is.  It's a great addition to a suite of of services and tools, but
relying on it as a replacement for OpenPGP is misguided (not to
mention impossible for some people and/or networks and/or pseudonymity

> And I'm going to remain quiet on this further until I have
> time to see the EFF's postmortem.

I won't going beyond the current statement describing it as reckless
yet and I hope I don't have to.  Perhaps they will be able to do some
damage control in their own review.

>> Indeed, this particular release may still succeed in producing a body
>> count.  I am not yet aware of any confirmed fatalities stemming from
>> people panicking and stopping using crypto because they listened to
>> Efail and/or the EFF, but there is one particular community I'm
>> watching for just that issue right now.
> If I can help in any way, please let me know.

Appreciated, but in this particular case it would probably be a crime
for you to do so, at least directly to said group, whereas it's
perfectly legal over here.  It might depend a little on the
interpretation of the First Amendment over there, though, and it is
still possible that those laws are unconstitutional, but it's too
early to know for sure yet and it doesn't look like there are too many
organisations over there wanting to challenge it (yet).


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180522/2d51ea2c/attachment.sig>

More information about the Gnupg-users mailing list