The Call of the Open Sidewalk

From a place slightly to the side of the more popular path



The EFAIL Hoax

In 2018 a security issue called EFAIL was all over the technical media and even leaked into the regular media. Many of those articles were misleading or incorrect. Some gave dangerous advice. Here is an example of a particularly hyperbolic headline:

EFAIL was a clever use of image URLs in HTML emails to leak decrypted messages. Such data leakage was a known issue and was under routine exploitation. This particular use was probably not much of a surprise.

The EFAIL thing still comes up in discussions about PGP, so I pretty much have to address it in this series of articles.

EFAIL Was Not a PGP Issue

My main argument does not involve many of the actual details so I will use a physical analogy:

Your business owns a building. That building has a hole in the wall. The hole isn't really a problem so you don't pay much attention to it. Occasionally the odd tool goes missing. You suspect the tools are going out through the hole but concentrate on more serious issues.

Then one day you come in and both of your trucks are missing (the keys are kept on a rack on the wall). It is quite the mystery until someone notices that the hole is of a size and shape that would allow a truck to pass through. The trucks must be deficient in some way:

  • The trucks were too small. A larger truck would not have fit through the hole. The new trucks should be larger or should have extensions welded to the frame.
  • The trucks should have refused to start after business hours.
  • The trucks were too complex and confusing in their operation. It was not obvious that leaving the keys on the wall could be a security issue. The keys should be left in the ignition to get them out of sight.

Somewhat obviously, the point here is that when you have a hole big enough to drive a truck through, it is pointless to blame the truck. That is particularly true in this case where the two trucks represent entirely different encryption systems (PGP and S/MIME). The hole represents data leakage using URLs in HTML emails. The tool pilferage represents the ongoing exploitation of such leakage for unauthorized tracking of email recipients.

The EFAIL disclosure resulted in no functional changes to the OpenPGP standard or implementations of that standard. There was simply nothing to be done as the system was being used entirely as intended and produced results entirely as expected. That would still be true even if the researchers were able to defeat the OpenPGP MDC integrity check. The word “Hoax” in the title of this article refers to the attempts to imply that EFAIL represented some deficiency in PGP.

The OpenPGP standard and implementations of that standard suffer from genuine security weaknesses from time to time. That is why the media blowup over EFAIL is so odd.

To be clear (and fair) the EFAIL disclosure does not represent any sort of real deficiency in S/MIME either.

EFAIL Was Not Really an Email Client Issue

EFAIL is really just an extreme example of the HTML email problem. EFAIL can only work when the email client allows loading of remote assets through things like image URLs. In that configuration the email client has no way to distinguish between legitimate URLs and those that contain data to be leaked. The problem is simply not solvable at the email client level as stated for the EFAIL case.
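Since the client cannot tell a legitimate remote URL from one carrying leaked data, the only client-side fix is to fetch nothing at all. The following is an added example, not code from this article or from any mail client: a Python sanitizer (standard library only) that rewrites an HTML body so that every attribute or CSS reference that would trigger a network request is removed, keeping only inline `data:` and `cid:` references, and reports what it removed so the client can show a "remote content blocked" notice or log it. The function and class names and the sample message are constructed for illustration.

```python
"""Block remote-asset loading in HTML email before rendering (added example)."""
import re
from html import escape
from html.parser import HTMLParser

# Attributes whose value a renderer fetches automatically (no user click needed).
FETCH_ATTRS = {
    "img": {"src", "srcset", "lowsrc"},
    "source": {"src", "srcset"},
    "video": {"src", "poster"},
    "audio": {"src"},
    "link": {"href"},        # stylesheets, icons, prefetch
    "script": {"src"},
    "iframe": {"src"},
    "frame": {"src"},
    "embed": {"src"},
    "object": {"data"},
    "input": {"src"},        # <input type="image">
    "body": {"background"},
    "table": {"background"},
    "td": {"background"},
}
# References that resolve inside the message itself and cause no network fetch.
LOCAL_SCHEMES = ("data:", "cid:", "#")
# url(...) and @import references inside CSS; group 1 is the prefix, group 2 the URL.
CSS_REMOTE = re.compile(r"""(url\(\s*['"]?|@import\s+['"])\s*([^'")\s]+)""", re.I)


def _is_remote(ref: str) -> bool:
    """True if resolving this reference would leave the mail client."""
    ref = ref.strip().lower()
    return bool(ref) and not ref.startswith(LOCAL_SCHEMES)


def _refs(attr: str, value: str):
    """Yield the URL candidates in an attribute (srcset holds several)."""
    if attr == "srcset":
        return [c.strip().split()[0] for c in value.split(",") if c.strip()]
    return [value]


class RemoteContentBlocker(HTMLParser):
    """Re-emits the document while dropping every remote reference."""

    def __init__(self):
        super().__init__(convert_charrefs=False)
        self._out = []
        self.blocked = []          # URLs that were removed, in document order
        self._in_style = False

    def _scrub_css(self, css: str) -> str:
        def repl(m):
            if _is_remote(m.group(2)):
                self.blocked.append(m.group(2))
                return m.group(1)  # keep "url(" / '@import "' but empty the URL
            return m.group(0)
        return CSS_REMOTE.sub(repl, css)

    def _tag(self, tag, attrs, selfclosing):
        kept = []
        fetchable = FETCH_ATTRS.get(tag, set())
        for name, value in attrs:
            if value is not None and name in fetchable:
                remote = [r for r in _refs(name, value) if _is_remote(r)]
                if remote:
                    self.blocked.extend(remote)
                    continue       # drop the attribute entirely
            if value is not None and name == "style":
                value = self._scrub_css(value)
            kept.append((name, value))
        parts = [tag] + [n if v is None else f'{n}="{escape(v, quote=True)}"'
                         for n, v in kept]
        self._out.append("<" + " ".join(parts) + (" />" if selfclosing else ">"))

    def handle_starttag(self, tag, attrs):
        self._tag(tag, attrs, False)
        if tag == "style":
            self._in_style = True

    def handle_startendtag(self, tag, attrs):
        self._tag(tag, attrs, True)

    def handle_endtag(self, tag):
        if tag == "style":
            self._in_style = False
        self._out.append(f"</{tag}>")

    def handle_data(self, data):
        # <style> bodies are CSS and may carry url()/@import references.
        self._out.append(self._scrub_css(data) if self._in_style else data)

    def handle_entityref(self, name):
        self._out.append(f"&{name};")

    def handle_charref(self, name):
        self._out.append(f"&#{name};")

    def handle_decl(self, decl):
        self._out.append(f"<!{decl}>")

    def result(self) -> str:
        return "".join(self._out)


def block_remote_content(html: str):
    """Return (sanitized_html, blocked_urls) for an HTML mail body."""
    p = RemoteContentBlocker()
    p.feed(html)
    p.close()
    return p.result(), p.blocked


# Constructed sample message: one inline image, one tracking pixel,
# background images in a <style> block, a body attribute and a style attribute.
SAMPLE = (
    '<html><head><style>body { background: url("https://tracker.example/bg.png"); }'
    '</style></head><body background="https://tracker.example/b.gif">'
    '<p style="background-image:url(https://tracker.example/p.png)">Hello &amp; welcome</p>'
    '<img src="cid:logo@local" alt="logo">'
    '<img src="https://tracker.example/pixel.gif?id=123" width="1" height="1">'
    '<a href="https://example.org/">link</a></body></html>'
)

if __name__ == "__main__":
    clean, blocked = block_remote_content(SAMPLE)
    print(clean)
    print("blocked:", blocked)
```

Plain `href` links are deliberately left alone: they are fetched only when the user clicks, which is the point at which a client can still ask. The `blocked` list is what a client would surface to the user, and a sudden run of very long remote URLs in that list is also a cheap signal worth logging.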

There was some unhappiness about how some email clients dealt with bad PGP MDC integrity checks. Some improvements were made. This all ended up being a distraction from the more fundamental issues.


pgpfan/efail.1592842978.txt.gz · Last modified: 2020/06/22 16:22 by b.walzer