Vincent Lefevre
2018-05-14 13:33:33 UTC
About Efail <https://efail.de/>, you may be interested in this
discussion:
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
Mutt is probably safe as not rendering HTML, but this isn't clear...
And piping a decrypted mail to a browser (e.g. if there is no
text/plain part, and an attacker can ensure that) is not safe.
Does it handle the GPG warning in a special way? The display of the
warning only is not sufficient since it can easily remain unnoticed
by the user.
discussion:
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
Mutt is probably safe as not rendering HTML, but this isn't clear...
And piping a decrypted mail to a browser (e.g. if there is no
text/plain part, and an attacker can ensure that) is not safe.
Does it handle the GPG warning in a special way? The display of the
warning only is not sufficient since it can easily remain unnoticed
by the user.
--
Vincent Lefèvre <***@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
Vincent Lefèvre <***@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)