Re: Breaking MIME concatenation

2018-05-16 Thread Robert J. Hansen
> I think a fundamental discussion is necessary with the question: Who > should / will use GnuPG in the future? While y'all are having this discussion, remember that GnuPG's 95% use case is verifying Linux packages, and that number isn't expected to change a whole lot. Email users are important,

Re: Breaking MIME concatenation

2018-05-16 Thread Mirimir
On 05/16/2018 02:46 AM, Martin wrote: > Hi > > On Tuesday, 15 May 2018, 22:19:17, you wrote: > >> On 05/15/2018 04:44 AM, Patrick Brunschwig wrote: > >> > >>> I think the correct solution must be to treat each MIME part >>> independently, i.e. it needs to be parsed independently by the HT

Re: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Mirimir
On 05/16/2018 05:48 AM, Werner Koch wrote: > On Tue, 15 May 2018 11:56, andr...@andrewg.com said: > >> We should also be very careful to note that none of this discussion >> thread applies to the MIME concatenation vulnerability, which is a >> problem in Thunderbird and other mail clients, and whi

Re: Breaking MIME concatenation

2018-05-16 Thread Lukas Pitschl | GPGTools
> On 16.05.2018 at 06:21, Patrick Brunschwig wrote: > > Content-Type: multipart/mixed; boundary="WRAPPER" > Content-Description: Efail protection wrapper > > --WRAPPER > Content-Type: text/html > > > > > > --WRAPPER > (result of PGP/MIME decryption) > --WRAPPER-- Looks alright so far, does

Re: Vulnerable clients

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 10:02, g...@unixarea.de said: > Most (if not even all) of the MUA which are noted for Linux do run on > nearly any other UNIX flavor, FreeBSD, OpenBSD, ... and mutt in addition I would have written Unix instead of mentioning one specific flavor of Unix kernel software ;-) Giv

Re: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 11:56, andr...@andrewg.com said: > We should also be very careful to note that none of this discussion > thread applies to the MIME concatenation vulnerability, which is a > problem in Thunderbird and other mail clients, and which cannot be While we are at that point. Can we

Re: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 16:24, roman.fied...@ait.ac.at said: > In my opinion it is hard to find such a "one size fits all" > solution. Like Werner's example: disabling decryption streaming The goal of the MDC is to assure that the message has been received exactly as the sender set it. Thus there is

[GPGME] Repeated decrypt fails

2018-05-16 Thread Randy Trinh
Hi everyone, I'm fairly new to GnuPG and GPGME in general and I'm currently trying to implement a process in which a file is uploaded from a website in which case my program uses GPGME to decrypt the file returning true or false. The first time I upload the file (a .tar.gz) and run "gpgme_op_decr

Re: Efail

2018-05-16 Thread F Rafi
Oh man.. check a few of the previous list emails on this subject. They're fairly detailed. Farhan On Wed, May 16, 2018 at 3:04 AM, eira wahlin wrote: > Hi. > I've been looking at a vulnerability in mail clients using pgp, described > at efail.de. It is a technique where an attacker would inject

Re: Vulnerable clients (was: US-CERT now issuing a warning for OpenPGP-SMIME-Mail-Client-Vulnerabilities)

2018-05-16 Thread Martin
Hi, On Wednesday, 16 May 2018, 10:02:21, you wrote: > Werner, my conclusion in addition is that the table is incorrect. > Most (if not even all) of the MUA which are noted for Linux do run on > nearly any other UNIX flavor, FreeBSD, OpenBSD, ... and mutt in addition > runs on Canonical Ubunt

Re: Breaking MIME concatenation

2018-05-16 Thread Martin
Hi On Tuesday, 15 May 2018, 22:19:17, you wrote: > On 05/15/2018 04:44 AM, Patrick Brunschwig wrote: > >> I think the correct solution must be to treat each MIME part >> independently, i.e. it needs to be parsed independently by the HTML >>

AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Fiedler Roman
> From: Andrew Gallagher [mailto:andr...@andrewg.com] > > > On 16 May 2018, at 13:44, Fiedler Roman > wrote: > > > > I am not sure, if gpg could support > > implementation/testing/life-cycle-efforts > to establish all those parameters and different process models for most of the > decryption proce

Re: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Robert J. Hansen
> I’m going to preemptively quote RJH here before he gets around to it. Use the > defaults! ;-) :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

Re: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Andrew Gallagher
> On 16 May 2018, at 13:44, Fiedler Roman wrote: > > I am not sure, if gpg could support implementation/testing/life-cycle-efforts > to establish all those parameters and different process models for most of > the decryption processes gpg users envision to use gpg for. Why do we need a pletho

Re: Vulnerable clients

2018-05-16 Thread Werner Koch
On Wed, 16 May 2018 10:48, o...@mat.ucm.es said: >> On Tue, 15 May 2018 03:31, je...@seibercom.net said: > >> My conclusion is that S/MIME is vulnerable in most clients with the >> exception of The Bat!, Kmail, Claws, Mutt and Horde IMP. I take the >> requirement for a user consen

AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Tue, 15 May 2018 11:44, roman.fied...@ait.ac.at said: > > > The status line format should be designed to support those variants to > > allow a "logical consistency check" of the communication with GnuPG > > There is a > > DECRYPTION_FAILED > > and t

Re: GPGME progress callback no current or total

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 20:45, tookm...@gmail.com said: > PROGRESS UPDATE: what = primegen, type = 43, current = 0, total = 0 > > > Aren't current and total supposed to indicate progress? Why might they > be zero? Depends on the type of progress. For prime generation we can't do any estimation. f y

Re: Don't Panic.

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 17:06, mw...@iupui.edu said: > Heh. "We've discovered that locks can be picked, so you should remove > all the locks from your doors right now." "There are a lot of benefits for members of the Mechanical Frontdoor Foundation. Rely on us for your social engineering tasks. Bec

Re: Breaking MIME concatenation

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 22:19, miri...@riseup.net said: > So why use HTML with gnupg? Even some of the journalists kicking that EFFective hype are using encrypted mails with HTML content. 's/

Re: AW: Efail or OpenPGP is safer than S/MIME

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 11:44, roman.fied...@ait.ac.at said: > The status line format should be designed to support those variants to > allow a "logical consistency check" of the communication with GnuPG There is a DECRYPTION_FAILED and that is all it takes. If the integrity check fails the

Re: Vulnerable clients

2018-05-16 Thread Uwe Brauer
Sorry for this possible double posting. I am usually using gmane, but I don't see my mail appearing so I resend it to the list, to which I subscribed now. > On Tue, 15 May 2018 03:31, je...@seibercom.net said: > My conclusion is that S/MIME is vulnerable in most clients with the > exc

Re: Vulnerable clients (was: US-CERT now issuing a warning for OpenPGP-SMIME-Mail-Client-Vulnerabilities)

2018-05-16 Thread Matthias Apitz
On Tuesday, May 15, 2018 at 10:44:16AM +0200, Werner Koch wrote: > On Tue, 15 May 2018 03:31, je...@seibercom.net said: > > NCCIC encourages users and administrators to review CERT/CC’s Vulnerability > > Note VU #122919. > > Doesn't CERT read the paper before producing a report? The t

Efail

2018-05-16 Thread eira wahlin
Hi. I've been looking at a vulnerability in mail clients using pgp, described at efail.de. It is a technique where an attacker would inject an HTML IMG tag in an email, enveloping the encrypted text. This would send the cleartext message to the server indicated in the IMG tag. To me, it seems th

Vulnerable clients (was: US-CERT now issuing a warning for OpenPGP-SMIME-Mail-Client-Vulnerabilities)

2018-05-16 Thread Werner Koch
On Tue, 15 May 2018 03:31, je...@seibercom.net said: > NCCIC encourages users and administrators to review CERT/CC’s Vulnerability > Note VU #122919. Doesn't CERT read the paper before producing a report? The table of vulnerable MUAs is easy enough to read. To better see what we are discussing,

Re: Breaking MIME concatenation

2018-05-16 Thread Andrew Gallagher
> On 16 May 2018, at 05:21, Patrick Brunschwig wrote: > > Content-Type: multipart/mixed; boundary="WRAPPER" > Content-Description: Efail protection wrapper > > --WRAPPER > Content-Type: text/html > > > > > > --WRAPPER > (result of PGP/MIME decryption) > --WRAPPER-- I like this. It handles