|
From: | Joost Kremers |
Subject: | Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME? |
Date: | Wed, 16 May 2018 21:52:40 +0200 |
User-agent: | mu4e 1.1.0; emacs 25.3.50.1 |
On Wed, May 16 2018, Eli Zaretskii wrote:
(And private/secret correspondence shouldn't include such externalreferences in the first place, IMHO.)
Sure, but if I understand EFAIL correctly, it's not about you or your interlocutor including external references into encrypted emails. It's about an attacker sending you a carefully crafted malicious email that contains the encrypted version of another email that you once sent or received and which the attacker got a hold of (e.g., by gaining access to your ISP's mail server, or by intercepting it while in transit, or whatever). It's this malicious email that contains external references, not your original email that the attacker is trying to decrypt.
At least, that's my limited understanding of the issue... -- Joost Kremers Life has its moments
[Prev in Thread] | Current Thread | [Next in Thread] |