> On 16 May 2018, at 05:21, Patrick Brunschwig wrote:
>
> Content-Type: mutlipart/mixed; boundary="WRAPPER"
> Content-Description: Efail protection wrapper
>
> --WRAPPER
> Content-Type: text/html
>
>
>
>
>
> --WRAPPER
> (result of PGP/MIME decryption)
> --WRAPPER--
Hi.
I've been looking at a vulnerability in mail clients using pgp, described at
efail.de. It is a technique where an attacker would inject a HTML IMG tag in an
email, enveloping the encrypted text. This would send the cleartext message to
the server inticated in the IMG tag.
To me, it seems
On Tue, 15 May 2018 03:31, je...@seibercom.net said:
> NCCIC encourages users and administrators to review CERT/CC’s Vulnerability
> Note VU #122919.
Doesn't CERT read the paper before produciong a report? The table of
vulnerable MUAs is easy enough to read. To better see what we are
El día Tuesday, May 15, 2018 a las 10:44:16AM +0200, Werner Koch escribió:
> On Tue, 15 May 2018 03:31, je...@seibercom.net said:
> > NCCIC encourages users and administrators to review CERT/CC’s Vulnerability
> > Note VU #122919.
>
> Doesn't CERT read the paper before produciong a report? The
> I’m going to preemptively quote RJH here before he gets around to it. Use the
> defaults! ;-)
:)
___
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
Oh man.. check a few of the previous list emails on this subject. They're
fairly detailed.
Farhan
On Wed, May 16, 2018 at 3:04 AM, eira wahlin wrote:
> Hi.
> I've been looking at a vulnerability in mail clients using pgp, described
> at efail.de. It is a technique where an
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi
Am Dienstag, 15. Mai 2018, 22:19:17 schreiben Sie:
> On 05/15/2018 04:44 AM, Patrick Brunschwig wrote:
>
>> I think the correct solution must be to treat each MIME part
>> independently, i.e. it needs to be parsed independently by the HTML
Hi everyone,
I'm fairly new to GnuPG and GPGME in general and I'm currently trying to
implement a process in which a file is uploaded from a website in which
case my program uses GPGME to decrypt the file returning true or false.
The first time I upload the file (a .tar.gz) and run
> Von: Andrew Gallagher [mailto:andr...@andrewg.com]
>
> > On 16 May 2018, at 13:44, Fiedler Roman
> wrote:
> >
> > I am not sure, if gpg could support
> > implementation/testing/life-cycle-efforts
> to establish all those parameters and different process models for most
> On 16 May 2018, at 13:44, Fiedler Roman wrote:
>
> I am not sure, if gpg could support implementation/testing/life-cycle-efforts
> to establish all those parameters and different process models for most of
> the decryption processes gpg users envision to use gpg
On Wed, 16 May 2018 10:48, o...@mat.ucm.es said:
>> On Tue, 15 May 2018 03:31, je...@seibercom.net said:
>
>> My conclusion is that S/MIME is vulnerable in most clients with the
>> exception of The Bat!, Kmail, Claws, Mutt and Horde IMP. I take the
>> requirement for a user
On Tue, 15 May 2018 22:19, miri...@riseup.net said:
> So why use HTML with gnupg?
Even some of the journalist kicking that EFFective hype are using
encrypted mails with HTML content.
's/
pgpaY0DPHbkw1.pgp
Description: PGP signature
___
Gnupg-users
On Tue, 15 May 2018 20:45, tookm...@gmail.com said:
> PROGRESS UPDATE: what = primegen, type = 43, current = 0, total = 0
>
>
> Aren't current and total supposed to indicate progress? Why might they
> be zero?
Depends on the type of progress. For prime generation we can't do any
estimation.
f
On Tue, 15 May 2018 11:44, roman.fied...@ait.ac.at said:
> The status line format should be designed to support those variants to
> allow a "logical consistency check" of the communication with GnuPG
There is a
DECRYPTION_FAILED
and that is all what it takes. If the integrity check fails
Sorry for this possible double posting. I am usually using gmane, but I
don't see my mail appearing so I resend it to the list, to which I
subscribed now.
> On Tue, 15 May 2018 03:31, je...@seibercom.net said:
> My conclusion is that S/MIME is vulnerable in most clients with the
>
> Von: Werner Koch [mailto:w...@gnupg.org]
>
> On Tue, 15 May 2018 11:44, roman.fied...@ait.ac.at said:
>
> > The status line format should be designed to support those variants to
> > allow a "logical consistency check" of the communication with GnuPG
>
> There is a
>
> DECRYPTION_FAILED
>
> and
On Tue, 15 May 2018 17:06, mw...@iupui.edu said:
> Heh. "We've discovered that locks can be picked, so you should remove
> all the locks from your doors right now."
"There are lot of benefits for members of the Mechanical Frontdoor
Foundation. Rely on us for your social engineering tasks.
On Tue, 15 May 2018 11:56, andr...@andrewg.com said:
> We should also be very careful to note that none of this discussion
> thread applies to the MIME concatenation vulnerability, which is a
> problem in Thunderbird and other mail clients, and which cannot be
While we are at that point. Can we
On Wed, 16 May 2018 16:24, roman.fied...@ait.ac.at said:
> In my opinion it is hard to find such a "one size fits all"
> solution. Like Werner's example: disabling decryption streaming
The goal of the MDC is to assure that the message has been received
exactly as the sender set it. Thus there
On Wed, 16 May 2018 10:02, g...@unixarea.de said:
> Most (if not even all) of the MUA which are noted for Linux do run on
> nearly any other UNIX flavor, FreeBSD, OpenBSD, ... and mutt in addition
I would have written Unix instead of mentioning one specific flavor of
Unix kernel software ;-)
On 05/16/2018 05:48 AM, Werner Koch wrote:
> On Tue, 15 May 2018 11:56, andr...@andrewg.com said:
>
>> We should also be very careful to note that none of this discussion
>> thread applies to the MIME concatenation vulnerability, which is a
>> problem in Thunderbird and other mail clients, and
On 05/16/2018 02:46 AM, Martin wrote:
> Hi
>
> Am Dienstag, 15. Mai 2018, 22:19:17 schreiben Sie:
>
>> On 05/15/2018 04:44 AM, Patrick Brunschwig wrote:
>
>>
>
>>> I think the correct solution must be to treat each MIME part
>>> independently, i.e. it needs to be parsed independently by the
> I think a fundamental discussion is necessary with the question: Who
> should / will use GnuPG in the future?
While y'all are having this discussion, remember that GnuPG's 95% use
case is verifying Linux packages, and that number isn't expected to
change a whole lot.
Email users are important,
> Am 16.05.2018 um 06:21 schrieb Patrick Brunschwig :
>
> Content-Type: mutlipart/mixed; boundary="WRAPPER"
> Content-Description: Efail protection wrapper
>
> --WRAPPER
> Content-Type: text/html
>
>
>
>
>
> --WRAPPER
> (result of PGP/MIME decryption)
> —WRAPPER—
24 matches
Mail list logo