Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

emacs-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

From:	Joost Kremers
Subject:	Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?
Date:	Wed, 16 May 2018 21:52:40 +0200
User-agent:	mu4e 1.1.0; emacs 25.3.50.1


On Wed, May 16 2018, Eli Zaretskii wrote:

(And private/secret correspondence shouldn't include suchexternal
references in the first place, IMHO.)

Sure, but if I understand EFAIL correctly, it's not about you oryour interlocutor including external references into encryptedemails. It's about an attacker sending you a carefully craftedmalicious email that contains the encrypted version of anotheremail that you once sent or received and which the attacker got ahold of (e.g., by gaining access to your ISP's mail server, or byintercepting it while in transit, or whatever). It's thismalicious email that contains external references, not youroriginal email that the attacker is trying to decrypt.


At least, that's my limited understanding of the issue...



--
Joost Kremers
Life has its moments

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?, (continued)

Prev by Date: Re: Propagating local variables?
Next by Date: Re: Propagating local variables?
Previous by thread: Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?
Next by thread: Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?
Index(es):
- Date
- Thread