Re: [Enigmail] 2.0.5 fails "make check" due to missingMdcError (should be mdcError?)

2018-05-21 Thread Patrick Brunschwig
On 21.05.18 21:59, Daniel Kahn Gillmor wrote: > Hi all-- > > i've just filed this pull request to fix a problem with "make check" > during a build of enigmail 2.0.5: > > https://gitlab.com/enigmail/enigmail/merge_requests/1 > > I'm a little surprised to see a signed tag that doesn't pass "make

Re: [Enigmail] [ANN] Enigmail 2.0.5 available - full protection against Efail

2018-05-21 Thread Patrick Brunschwig
On 21.05.18 23:58, Phil Stracchino wrote: > On 05/21/18 16:36, David wrote: >> On 5/21/2018 3:35 PM, Patrick Brunschwig wrote: >>> On 21.05.18 21:19, David wrote: Is Thunderbird going to continue to follow Mozilla Firefox's lead and eventually drop support for "bootstrap" extensions? If s

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Mark Rousell
On 21/05/2018 18:12, Ben McGinnes wrote: > Had their publications been limited to the articles on the 13th and > 14th, I could buy that. Unfortunately the updates to the SSD website > on the 15th really strain things, especially the FAQ. Not only is it > potentially panic-inducing, but they recom

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Mark Rousell
On 21/05/2018 19:34, Onno Ekker wrote: > Isn't the simplest way to prevent such an attack to decouple the > downloading and reading of e-mail? If you go online, download e-mail, go > offline and then read e-mail, there's no way a html-message can phone > home or otherwise leak information? Or am I

Re: [Enigmail] [ANN] Enigmail 2.0.5 available - full protection against Efail

2018-05-21 Thread Phil Stracchino
On 05/21/18 16:36, David wrote: > On 5/21/2018 3:35 PM, Patrick Brunschwig wrote: >> On 21.05.18 21:19, David wrote: >>> Is Thunderbird going to continue to follow Mozilla Firefox's lead >>> and eventually drop support for "bootstrap" extensions? If so may >>> I ask what you have planned for the fut

Re: [Enigmail] [ANN] Enigmail 2.0.5 available - full protection against Efail

2018-05-21 Thread David
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 5/21/2018 3:35 PM, Patrick Brunschwig wrote: > On 21.05.18 21:19, David wrote: >> On 5/21/2018 12:38 PM, Patrick Brunschwig wrote: >>> I have released Enigmail v2.0.5 for Thunderbird version 52 and >>> SeaMonkey 2.46 and newer. >> >> >>> Change

[Enigmail] 2.0.5 fails "make check" due to missingMdcError (should be mdcError?)

2018-05-21 Thread Daniel Kahn Gillmor
Hi all-- i've just filed this pull request to fix a problem with "make check" during a build of enigmail 2.0.5: https://gitlab.com/enigmail/enigmail/merge_requests/1 I'm a little surprised to see a signed tag that doesn't pass "make check" -- is "make check" run before every release? -

Re: [Enigmail] [ANN] Enigmail 2.0.5 available - full protection against Efail

2018-05-21 Thread Patrick Brunschwig
On 21.05.18 21:19, David wrote: > On 5/21/2018 12:38 PM, Patrick Brunschwig wrote: >> I have released Enigmail v2.0.5 for Thunderbird version 52 and >> SeaMonkey 2.46 and newer. > > >> Changes === This version prevents against all forms of the >> "Efail" vulnerability (https://efail.de) and s

Re: [Enigmail] [ANN] Enigmail 2.0.5 available - full protection against Efail

2018-05-21 Thread David
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 5/21/2018 12:38 PM, Patrick Brunschwig wrote: > I have released Enigmail v2.0.5 for Thunderbird version 52 and > SeaMonkey 2.46 and newer. > > > Changes === This version prevents against all forms of the > "Efail" vulnerability (https://efai

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Ben McGinnes
On Mon, May 21, 2018 at 08:51:17AM -0400, Robert J. Hansen wrote: >> That being the *incredibly* unhelpful and likely actively harmful >> recommendation to remove encryption and decryption functionality from >> vulnerable MUAs. > > I blame the EFF for that more than I blame the Efail developers.

[Enigmail] [ANN] Enigmail 2.0.5 available - full protection against Efail

2018-05-21 Thread Patrick Brunschwig
I have released Enigmail v2.0.5 for Thunderbird version 52 and SeaMonkey 2.46 and newer. Changes === This version prevents against all forms of the "Efail" vulnerability (https://efail.de) and similar attacks. I strongly recommend to upgrade to Enigmail 2.0.5 as soon as possible. Details ==

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread flapflap
Hi, Phil Pennock: > 4. Get together actual MUA maintainers who are users of the GnuPG > code-base in a mailing-list and hammer out details of "what should be > done about old mail". Cryptographers have long said to decrypt > inbound mail and re-encrypt it to a storage key, which can >

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Andrew Gallagher
On 21/05/18 15:01, Phil Stracchino wrote: > On 05/21/18 09:57, Andrew Gallagher wrote: >> On 21/05/18 14:35, Phil Stracchino wrote: >>> What MySQL (from mid-5.7 on) does for tablespace encryption might be of >>> note here. MySQL uses a fixed table key for each encrypted InnoDB >>> table, but encry

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Phil Stracchino
On 05/21/18 09:57, Andrew Gallagher wrote: > On 21/05/18 14:35, Phil Stracchino wrote: >> What MySQL (from mid-5.7 on) does for tablespace encryption might be of >> note here. MySQL uses a fixed table key for each encrypted InnoDB >> table, but encrypts the table keys with a master key which is >>

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Andrew Gallagher
On 21/05/18 14:35, Phil Stracchino wrote: > What MySQL (from mid-5.7 on) does for tablespace encryption might be of > note here. MySQL uses a fixed table key for each encrypted InnoDB > table, but encrypts the table keys with a master key which is > periodically rotated. This allows regular rotat

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Phil Stracchino
On 05/21/18 08:34, Ben McGinnes wrote: > To say, “we have this edge case scenario that really needs an active > targeted attack on a case by case basis, so everyone should just stop > integrating encryption” is the kind of thing that can get people > killed. Indeed. "There is a possible attack a

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Phil Stracchino
On 05/20/18 16:28, Phil Pennock wrote: > 4. Get together actual MUA maintainers who are users of the GnuPG > code-base in a mailing-list and hammer out details of "what should be > done about old mail". Cryptographers have long said to decrypt > inbound mail and re-encrypt it to a storage

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Robert J. Hansen
> That being the *incredibly* unhelpful and likely actively harmful > recommendation to remove encryption and decryption functionality from > vulnerable MUAs. I blame the EFF for that more than I blame the Efail developers. I expect the people who develop new attacks to overstate their importance

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Ben McGinnes
On Sun, May 20, 2018 at 02:26:47AM -0400, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :)

Re: [Enigmail] A postmortem on Efail

2018-05-21 Thread Phil Pennock
On 2018-05-20 at 02:26 -0400, Rob J Hansen wrote: > https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08 Excellent post. I favor breaking backwards compatibility and including in the shipped README a description of "The conditions under which we anticipate future backwards compatibility