efail is imho only a html rendering bug

Patrick Brunschwig patrick at enigmail.net
Tue May 22 08:11:46 CEST 2018


On 21.05.18 16:56, Klaus Römer wrote:
> Internet works because we have standards.
> RFC 3986 states that URLs have to be encoded.
> Rendering engines which send unencoded content including whitespaces and newlines to an external server are seriously broken.
> 
> (Only to point the finger at the real bug)

You only refer to one type of the possible vulnerabilities that Efail
discovered. Even if there are no remote calls involved, it is still
possible to trick the user into sending a reply that contains decrypted
content.

-Patrick


