Zitat von Martijn Brinkers via Users <[email protected]>:
Hi,
I have written a short blog article on EFAIL.
https://www.ciphermail.com/blog/efail-who-is-vulnerable-pgp-smime-or-your-mail-client.html
Kind regards,
Martijn Brinkers
On 14-05-18 14:40, CipherMail via Users wrote:
Hi,
This morning we were alerted about a new PGP vulnerability.
English:
https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now Dutch:
https://tweakers.net/nieuws/138557/onderzoekers-stop-direct-met-gebruik-pgp-vanwege-lekken.html
What might be a secure fallback is to get a setting for ciphermail to
only decrypt valid signed e-mail and simply pass it along if there is
no signature or invalid signed. This could be a setting for the
security aware operator in the spirit of "better safe than sorry", no?
This will prevent ciphermail from using the decryption key in cases
where the user might get tricked to trust the sender otherwise.
Regards
Andreas
_______________________________________________
Users mailing list
[email protected]
https://lists.djigzo.com/lists/listinfo/users
