[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?

From: Joost Kremers
Subject: Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME?
Date: Wed, 16 May 2018 21:52:40 +0200
User-agent: mu4e 1.1.0; emacs

On Wed, May 16 2018, Eli Zaretskii wrote:
(And private/secret correspondence shouldn't include such external
references in the first place, IMHO.)

Sure, but if I understand EFAIL correctly, it's not about you or your interlocutor including external references into encrypted emails. It's about an attacker sending you a carefully crafted malicious email that contains the encrypted version of another email that you once sent or received and which the attacker got a hold of (e.g., by gaining access to your ISP's mail server, or by intercepting it while in transit, or whatever). It's this malicious email that contains external references, not your original email that the attacker is trying to decrypt.

At least, that's my limited understanding of the issue...

Joost Kremers
Life has its moments

reply via email to

[Prev in Thread] Current Thread [Next in Thread]