A postmortem on Efail

Mirimir mirimir at riseup.net
Tue May 22 00:19:18 CEST 2018

On 05/21/2018 02:31 AM, Ben McGinnes wrote:
> On Sun, May 20, 2018 at 01:43:07PM -1100, Mirimir wrote:
>> On 05/19/2018 11:44 PM, Aleksandar Lazic wrote:
>>> I do not want to create a conspiracy theory but it's wiggy that
>>> EFF favors *NO* security ,pgp or s/mime, instead to fix the current
>>> possibilities and promote signal.
>> I read the EFF warning as a temporary measure, to prevent
>> adversaries from sending cyphertext, and getting plaintext
>> back. Until these exploits were blocked. And if necessary, to use
>> Signal in the interim.
> I could have given them that benefit of the doubt on the initial
> article too, but the FAQ they now have on the Surveillance
> Self-Defense website does rather eviscerate any hope of that:
> https://ssd.eff.org/en/blog/pgp-and-efail-frequently-asked-questions
> “What if I keep getting PGP emails?
> You can decrypt these emails via the command line. If you prefer not
> to, notify your contacts that PGP is, for the time being, no longer
> safe to use in email clients and decide whether the conversation can
> continue over another end-to-end encrypted platform, such as Signal.”
> Because that couldn't possibly create a Chinese Whispers style
> situation of self-perpetuating FUD … 🤦
> Regards,
> Ben

I hadn't seen that. Pretty stupid :(

More information about the Gnupg-users mailing list