Future OpenPGP Support in Thunderbird

Werner Koch wk at gnupg.org
Mon Oct 14 18:34:28 CEST 2019

On Mon, 14 Oct 2019 10:54, Phillip Susi said:

>> encryption protocol is S/MIME and the last time I checked S/MIME (well,
>> CMS for the nitpickers) does not supoport any kind of authenticated
>> encryption.  In contarst OpenPGP provides this nearly for 2 decades.
> What do you mean?  S/MIME authenticates the user's identity via the CA.

authenticated encryption is different from signed and encrypted mails.
There are relative easy attacks on the encryption layer if standard
encryption modes like CBC (as in S/MIME) are used.  Whether this really
affects users is a different question but they can be used to leverage
implementation flaws in MUAs to full plaintext leaks.  This is known for
20 years and made it last year again to the media under the term EFAIL.

Granted, encrypted+signed mails can to a large extend also mitigate the
threat.  But there are still reasons why signatures can't be used or
need to be verified only at a latter time in the workflow.

OpenPGP had a mitigation against this since 2000 and was widely deployed
by 2003.  However S/MIME never implemented this despite of 10 years old
RFCs describing methods for such a mitigation, called authenticated
encryption (AE or AEAD).



Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20191014/98cd9e31/attachment.sig>

More information about the Gnupg-users mailing list