Future OpenPGP Support in Thunderbird

Robert J. Hansen rjh at sixdemonbag.org
Tue Oct 15 21:09:40 CEST 2019

> I'm confused.  I thought the whole efail thing was about crafting a
> plain text message that says "Good signature verified" and fools the
> user even though it was never run through pgp or had its signature
> verified with s/mime.

I'd suggest reading the Efail paper.  The vast majority of the news
coverage was shoddy.  Efail included two *completely separate* attacks
in their paper, which the news media overwhelmingly conflated into a
single attack.

I'll call them Efail-1 and Efail-2 here.

Efail-1 was what Werner is talking about here.  It was a pretty bad blow
to S/MIME, but far less so to OpenPGP, since OpenPGP has had
countermeasures in place for almost twenty years.  Efail-1's impact on
OpenPGP was, is, minimal.

Efail-2 wasn't an attack on OpenPGP at all, but instead showed how
poorly email clients and/or email plugins communicated with GnuPG.  It
was possible for GnuPG to give a correct warning that someone was
playing games with the message, and for the email client to disregard
this warning and present it to the user as authentic.

Efail-1 had minimal applicability to GnuPG; Efail-2 had none whatsoever
(except, arguably, some of the messages GnuPG gave were ambiguous: I
think they were, but Werner disagrees).
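The Efail-2 failure mode above is a client ignoring what GnuPG told it. The following is an added illustration, not code from GnuPG, Thunderbird or this thread: it interprets GnuPG's machine-readable `--status-fd` lines conservatively, and contrasts that with a naive client that renders whatever plaintext appeared. The status keywords are GnuPG's documented ones; the two sample status streams and key ids are constructed.

```python
"""Decide whether decrypted mail may be shown as authentic, from GnuPG status lines.

Added example (not GnuPG's or Thunderbird's code). Keywords follow GnuPG's
doc/DETAILS; the sample streams below are constructed, not captured output.
"""
from dataclasses import dataclass, field

STATUS_PREFIX = "[GNUPG:] "
# Any of these means GnuPG is warning that something went wrong.
FAIL_KEYWORDS = {"DECRYPTION_FAILED", "BADSIG", "ERRSIG", "NODATA", "FAILURE"}

@dataclass
class Verdict:
    decrypted_ok: bool
    signed_ok: bool
    blockers: list = field(default_factory=list)

def parse_status(lines):
    """Yield (keyword, args) for each status line; ignore human-readable stderr."""
    for line in lines:
        if line.startswith(STATUS_PREFIX):
            parts = line[len(STATUS_PREFIX):].split(None, 1)
            yield parts[0], (parts[1].strip() if len(parts) > 1 else "")

def judge(lines):
    """Require positive confirmation; never infer success from the absence of errors."""
    seen, blockers = set(), []
    for kw, args in parse_status(lines):
        seen.add(kw)
        if kw in FAIL_KEYWORDS:
            blockers.append(f"{kw} {args}".strip())
    decrypted_ok = "DECRYPTION_OKAY" in seen and "DECRYPTION_FAILED" not in seen
    signed_ok = {"GOODSIG", "VALIDSIG"} <= seen and not (seen & {"BADSIG", "ERRSIG"})
    return Verdict(decrypted_ok, signed_ok, blockers)

def safe_to_render(lines):
    """Hardened client rule: decrypted AND signed AND no warning of any kind."""
    v = judge(lines)
    return v.decrypted_ok and v.signed_ok and not v.blockers

def naive_would_render(lines):
    """The Efail-2 mistake: treat 'GnuPG produced plaintext' as 'message is fine'."""
    return any(kw == "PLAINTEXT" for kw, _ in parse_status(lines))

# Constructed sample: a clean, signed message.
GOOD = ["[GNUPG:] ENC_TO 0123456789ABCDEF 1 0", "[GNUPG:] BEGIN_DECRYPTION",
        "[GNUPG:] PLAINTEXT 62 0 ", "[GNUPG:] GOODSIG 0123456789ABCDEF Alice <alice@example.org>",
        "[GNUPG:] VALIDSIG 0000000000000000000000000123456789ABCDEF 2019-10-15 1571173780 0 4 0 1 8 00",
        "[GNUPG:] DECRYPTION_OKAY", "[GNUPG:] END_DECRYPTION"]
# Constructed sample: plaintext was emitted, but GnuPG also reported manipulation.
TAMPERED = ["[GNUPG:] ENC_TO 0123456789ABCDEF 1 0", "[GNUPG:] BEGIN_DECRYPTION",
            "[GNUPG:] PLAINTEXT 62 0 ", "[GNUPG:] DECRYPTION_FAILED", "[GNUPG:] END_DECRYPTION",
            "gpg: WARNING: encrypted message has been manipulated!"]
```

The tampered stream is the case the post describes: a client keyed on the presence of plaintext shows it as good, while one that honours GnuPG's status refuses.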
