A postmortem on Efail

Ben McGinnes ben at adversary.org
Wed May 23 04:05:47 CEST 2018


On Mon, May 21, 2018 at 11:19:18AM -1100, Mirimir wrote:
> On 05/21/2018 02:31 AM, Ben McGinnes wrote:
>> 
>> https://ssd.eff.org/en/blog/pgp-and-efail-frequently-asked-questions
>> 
>> “What if I keep getting PGP emails?
>> 
>> You can decrypt these emails via the command line. If you prefer not
>> to, notify your contacts that PGP is, for the time being, no longer
>> safe to use in email clients and decide whether the conversation can
>> continue over another end-to-end encrypted platform, such as Signal.”
>> 
>> Because that couldn't possibly create a Chinese Whispers style
>> situation of self-perpetuating FUD … 🤦
> 
> I hadn't seen that. Pretty stupid :(

I can understand not having wanted to look too much farther after the
articles on the Deep Links blog, especially the second one on the
14th.  I'd been concentrating on something else and only paid it more
attention a bit later, so by that stage the article also included a
link at the end about the SSD updates and onward I clicked (with a
sense of dread).


Regards,
Ben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20180523/ea62614c/attachment.sig>


More information about the Gnupg-users mailing list