EmailDiscussions.com - View Single Post

pjwalsh · 15 May 2018, 09:05 AM

[OpenPGP] Email clients vulnerable / not-vulnerable.
https://efail.de/media/efail-disclosure-pgp.png

On the S/MIME side, only Claws and Mutt were found not vulnerable.

Efail
- Mitigations

From the GnuPG statement:

1. This paper is misnamed. It's not an attack on OpenPGP. It's an attack on broken email clients that ignore GnuPG's warnings and do silly things after being warned.

2. This attack targets buggy email clients. Correct use of the MDC completely prevents this attack. GnuPG has had MDC support since the summer of 2000.

15 May 2018, 09:05 AM	#8
pjwalsh Essential Contributor Join Date: Dec 2008 Location: Canada Posts: 312	[OpenPGP] Email clients vulnerable / not-vulnerable. https://efail.de/media/efail-disclosure-pgp.png On the S/MIME side, only Claws and Mutt were found not vulnerable. Efail - Mitigations From the GnuPG statement: 1. This paper is misnamed. It's not an attack on OpenPGP. It's an attack on broken email clients that ignore GnuPG's warnings and do silly things after being warned. 2. This attack targets buggy email clients. Correct use of the MDC completely prevents this attack. GnuPG has had MDC support since the summer of 2000. Last edited by pjwalsh : 16 May 2018 at 08:22 AM.