pgpfan:efail
Differences
This shows you the differences between two versions of the page.
pgpfan:efail [2021/09/12 11:09] – An attempt to prevent distraction by misrepresentation... b.walzer | pgpfan:efail [2022/05/16 19:46] – No one cares about my opinions of media. b.walzer | ||
---|---|---|---|
Line 5: | Line 5: | ||
* [[https:// | * [[https:// | ||
- | To be completely clear... The word " | + | To be completely clear... The word " |
EFAIL was a list of different ways to cause inherently insecure message content (HTML email) to leak decrypted messages. Such data leakage was a known issue and was under routine exploitation at the time. This fact alone should be enough to convince most people EFAIL had nothing to do with either PGP (or S/MIME). When you have a hole big enough to drive a truck through there is no extra value in discussing the size and shape of the truck. Unfortunately in the case of EFAIL we need to spend time discussing truck dimensions. | EFAIL was a list of different ways to cause inherently insecure message content (HTML email) to leak decrypted messages. Such data leakage was a known issue and was under routine exploitation at the time. This fact alone should be enough to convince most people EFAIL had nothing to do with either PGP (or S/MIME). When you have a hole big enough to drive a truck through there is no extra value in discussing the size and shape of the truck. Unfortunately in the case of EFAIL we need to spend time discussing truck dimensions. | ||
Line 23: | Line 23: | ||
A more fundamental problem with all this is that when used for messaging, PGP uses a combined identity/ | A more fundamental problem with all this is that when used for messaging, PGP uses a combined identity/ | ||
- | The OpenPGP standard and implementations of that standard have suffered from security weaknesses of greater significance than EFAIL with no media coverage at all. That is why the media blowup over EFAIL is so odd. I have a theory... | + | The OpenPGP standard and implementations of that standard have suffered from security weaknesses of greater significance than EFAIL with no media coverage at all. That is why the media blowup over EFAIL is so odd. I have no idea why this ended up so wrong. What ever the reasons, |
- | + | ||
- | Encryption "at rest" is pretty much a solved problem for the sorts of things OpenPGP does. That is why the OpenPGP standard is so stable over the years. As a result there is not very much academic interest in such problems any more. | + | |
- | + | ||
- | The excitement these days is mostly centred on the issues of "in flight" | + | |
- | + | ||
- | So this all might just be another | + | |
[[pgpfan: | [[pgpfan: | ||
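Review bot: In the added sentence of the Line 23 hunk, "What ever the reasons," should read "Whatever the reasons,", and the new "I have no idea why this ended up so wrong" leaves "this" without a clear referent once the paragraphs that followed "I have a theory..." are removed; naming the subject (for example "why the coverage ended up so wrong") would fix that. The retained claim that OpenPGP has had weaknesses "of greater significance than EFAIL" carries no citation in the visible lines, so a link to at least one example would let readers check it.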
pgpfan/efail.txt · Last modified: 2022/05/16 21:17 by b.walzer