Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-16 Thread Octavio Alvarez
On 05/15/2018 04:34 AM, Rich Kulawiec wrote: > On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: >> TL;DR = Don't use HTML email [snip] > > That's enough right there. HTML markup in email is used exclusively > by three kinds of people: (1) ignorant newbies who don't know

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-16 Thread Rich Kulawiec
On Tue, May 15, 2018 at 10:42:31AM +0100, Brandon Butterworth wrote: > and phishers/exploiters. HTML markup in email is used exclusively > by four kinds of people I'll accept that as a friendly amendment. ;) It is -- to Brian Kantor's point elsewhere in the thread -- very unfortunate that many

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Daniel Corbe
On 5/15/2018 05:59, Brian Kantor wrote: > > I imagine some fool told them this improves security, and they were > stupid enough to believe it. > - Brian > It's a bit simpler than that. Too many people are dazzled by polished presentations. It's a sad fact of life that there are way

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Mark Rousell
On 15/05/2018 10:34, Rich Kulawiec wrote: > On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: >> TL;DR = Don't use HTML email [snip] > > That's enough right there. HTML markup in email is used exclusively > by three kinds of people: (1) ignorant newbies who don't know any >

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread ~
Embargo has been broken. Here's the full details: https://efail.de (h/t Martjin Grooten) On Mon, 14 May 2018, 09:19 Suresh Ramasubramanian, wrote: > Seems to be a set of MUA bugs that are being overblown and hyped up. > > TL;DR = Don't use HTML email with some mail clients

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Hunter Fuller
On Tue, May 15, 2018 at 2:31 PM Alan Buxey wrote: > real ones > Ah, the classic "no true Scotsman." I haven't seen one of these in a while. I think the vast majority of HTML email use is due to "email formatting and markup" being somewhere near the end of the priority

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Alan Buxey
real ones send such formulae as LaTeX attachments - where their recipients can have a simple plugin to view/display it inline (then save to edit/modify etc). HTML is horrible for formula...but at least I guess a little better than MS Word. alan

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread bzs
On May 15, 2018 at 05:34 r...@gsp.org (Rich Kulawiec) wrote: > On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: > > TL;DR = Don't use HTML email [snip] > > That's enough right there. HTML markup in email is used exclusively > by three kinds of people: (1) ignorant

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread nanog
On 05/15/2018 07:22 PM, Jim Shankland wrote: > On 5/15/18 2:34 AM, Rich Kulawiec wrote: >> On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: >>> TL;DR = Don't use HTML email [snip] >> That's enough right there. HTML markup in email is used exclusively >> by three kinds of

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Jim Shankland
On 5/15/18 2:34 AM, Rich Kulawiec wrote: On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: TL;DR = Don't use HTML email [snip] That's enough right there. HTML markup in email is used exclusively by three kinds of people: (1) ignorant newbies who don't know any better (2)

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Max Tulyev
I did a lot. Centralized proprietary messenger with a lot of noise around. Unlike for example clear p2p tox, federalized own jabber server, with TOR to hide a metadata. 15.05.18 19:36, John Levine пише: > In article <47acebac-7df1-0dbb-9584-27062a945...@netassist.ua> you write: >> Really? Use

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread John Levine
In article <47acebac-7df1-0dbb-9584-27062a945...@netassist.ua> you write: >Really? Use extremely centralized closed source "solution"? You might want to learn a little about Signal. R's, John > >LOL. > >15.05.18 18:47, John Levine пише: >> In article

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Bill Woodcock
> On May 15, 2018, at 8:47 AM, John Levine wrote: > Bruce Schneier's blog entry ended by saying that > if you care about encryption use Signal or WhatsApp. I didn’t even. -Bill signature.asc Description: Message signed with OpenPGP

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Max Tulyev
Really? Use extremely centralized closed source "solution"? LOL. 15.05.18 18:47, John Levine пише: > In article <240538927.8145.1526388210820.JavaMail.mhammett@ThunderFuck> you > write: >> Encrypted e-mail is so incredibly niche, this won't affect almost everyone. > > Bruce Schneier's blog

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread John Levine
In article <240538927.8145.1526388210820.JavaMail.mhammett@ThunderFuck> you write: >Encrypted e-mail is so incredibly niche, this won't affect almost everyone. Bruce Schneier's blog entry on this arcane buglet ended by saying that if you care about encryption use Signal or WhatsApp. R's, John

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Rob McEwen
On 5/15/2018 5:34 AM, Rich Kulawiec wrote: That's enough right there. HTML markup in email is used exclusively by three kinds of people: (1) ignorant newbies who don't know any better (2) ineducable morons who refuse to learn (3) spammers. There are no exceptions. For years, I was very

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Stephen Satchell
On 05/15/2018 02:34 AM, Rich Kulawiec wrote: On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: TL;DR = Don't use HTML email [snip] That's enough right there. HTML markup in email is used exclusively by three kinds of people: (1) ignorant newbies who don't know any

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Mike Hammett
4:31 AM Subject: Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: > TL;DR = Don't use HTML email [snip] That's enough right there. HTML markup in email is used exclusively by three kinds of peopl

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Mike Hammett
m> To: nanog@nanog.org Sent: Monday, May 14, 2018 2:43:25 AM Subject: Email security: PGP/GPG & S/MIME vulnerability drop imminent This is likely bad enough operators need to pay attention. @seecurity tweeted: "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Bjørn Mork
Brian Kantor writes: > On Tue, May 15, 2018 at 05:34:31AM -0400, Rich Kulawiec wrote: >> On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: >> > TL;DR = Don't use HTML email [snip] >> >> That's enough right there. HTML markup in email is used exclusively >>

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Brian Kantor
On Tue, May 15, 2018 at 05:34:31AM -0400, Rich Kulawiec wrote: > On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: > > TL;DR = Don't use HTML email [snip] > > That's enough right there. HTML markup in email is used exclusively > by three kinds of people: (1) ignorant

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Brandon Butterworth
On Tue May 15, 2018 at 05:34:31AM -0400, Rich Kulawiec wrote: > On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: > > TL;DR = Don't use HTML email [snip] > > That's enough right there. HTML markup in email is used exclusively > by three kinds of people: (1) ignorant newbies

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-15 Thread Rich Kulawiec
On Mon, May 14, 2018 at 01:47:50PM +0530, Suresh Ramasubramanian wrote: > TL;DR = Don't use HTML email [snip] That's enough right there. HTML markup in email is used exclusively by three kinds of people: (1) ignorant newbies who don't know any better (2) ineducable morons who refuse to learn (3)

Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-14 Thread Suresh Ramasubramanian
Seems to be a set of MUA bugs that are being overblown and hyped up. TL;DR = Don't use HTML email with some mail clients when sending pgp encrypted mail. https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html --srs On 14/05/18, 1:15 PM, "NANOG on behalf of George William Herbert"

Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-14 Thread George William Herbert
This is likely bad enough operators need to pay attention. @seecurity tweeted: "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"