https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08
https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2018-May/004995.html
Writing just for himself -- not for GnuPG and not for Enigmail and definitely not for his employer -- Robert J Hansen, an Enigmail developer and GnuPG volunteer, put together a postmortem on Efail:
Less than a week ago, some researchers in Europe published a paper with the bombshell title "Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels." There were a lot of researchers on that team but in the hours after release Sebastian Schinzel took the point on Twitter for the group.
Oh, my, did the email crypto world blow up. The following are some thoughts that have benefited from a few days for things to settle.
They say that when there's a fire in a nightclub you're at more risk of dying from the stampede than the blaze. The panic kills both by crushing people underfoot, and by clogging the exits so that people have to stay in the club longer and breathe more hot smoke-filled air. The fire is a problem but the panic is worse. That's what we saw here, and frankly I place a lot of blame for that at the feet of the Electronic Frontier Foundation.
Previously: PGP and S/MIME Vulnerable, Take Action Now (Update: Embargo Broken)
(Score: 0) by Anonymous Coward on Friday May 25 2018, @05:53PM
Indubitably