efail is imho only a html rendering bug

[Patrick Brunschwig]

On 21.05.18 16:56, Klaus Römer wrote:
> Internet works because we have standards.
> Rfc 3986 states that URLs have to be ecoded.
> Redering-Engies which send unencodes content including whitespaces and newlines to an external Server are seriously broken.
> 
> (Only to point the finger at the real bug)

You only refer to one type of possible vulnerabilities that Efail
discovered. Even if there are no remote calls involved, it is still
possible to trick the user into sending a reply that contains decrypted
content.

-Patrick