On Mon, 21 May 2018 19:11, r...@sixdemonbag.org said: > Efail is not just an HTML rendering bug. It includes very real > attacks against S/MIME as it's used by thousands of corporations.
I have not yet seen any hints on how a back-channel within the S/MIME protocol can work. There are claims that this can be done with CRLs and OCSP but that all requires substantial implementaion bugs in the S/MIME engines. The paper presents only vague ideas. Did I miss something? Note that when talking about S/MIME I actually mean the CMS/X.509 part and not the MIME part of it. For sure the same MIME parser bugs a few OpenPGP MUAs showed will also work with S/MIME - and even easier due to the missing intgerity protection at the crypto level. Shalom-Salam, Werner -- # Please read: Daniel Ellsberg - The Doomsday Machine # Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
pgp_BaEbVgW02.pgp
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users