<html>
<head>
<meta content="text/html; charset=windows-1252"
http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
On 14/05/2018 08:27, Robert J. Hansen wrote:<br>
<blockquote
cite="mid:1f29d677-e41c-a96a-7237-dfcfd6809d06@sixdemonbag.org"
type="cite">
<pre wrap="">Werner saw a preprint of this paper some time ago. I saw it recently.
Patrick Brunschwig of Enigmail saw it. None of us are worried. Out of
respect for the paper authors I will skip further comment until such
time as the paper is published.
It would've been nice if EFF had reached out to us for comment, rather
than apparently only talking to the paper authors. We hope they'll
reach out next time.
</pre>
</blockquote>
<br>
I see that the Inquirer is passing on the FUD. May I suggest that
someone authoritative gets in touch with them to correct them.<br>
<br>
<a
href="https://www.theinquirer.net/inquirer/news/3032200/pgp-is-leaking-plaintext-versions-of-your-emails-and-theres-no-known-cure">PGP
is leaking your emails in plaintext and there's no known fix</a><br>
<br>
Amongst other things this includes the following paragraph which, as
I understand it, is essentially untrue:<br>
<br>
<div align="left">
<blockquote><tt>"There are currently no reliable fixes for the
vulnerability. If you use PGP/GPG or S/MIME for very sensitive
communication, you should disable it in your email client for
now," </tt><tt><a title="Schnizel"
href="https://twitter.com/seecurity/status/995906576170053633"
target="_blank" rel="nofollow noopener noreferrer">said
Sebastian Schinzel</a></tt><tt>, a professor of computer
security at the University.</tt><br>
</blockquote>
</div>
<br>
<br>
(Re-sent as my outgoing server got a
"451-xx.xx.xx.xx+is+not+yet+authorized+to+deliver+mail+from" error
first time round.)<br>
<br>
<pre class="moz-signature" cols="72">--
Mark Rousell
PGP public key: <a class="moz-txt-link-freetext" href="http://www.signal100.com/markr/pgp">http://www.signal100.com/markr/pgp</a>
Key ID: C9C5C162
</pre>
</body>
</html>