Stories
Slash Boxes
Comments

SoylentNews is people

posted by chromas on Friday May 25 2018, @09:09AM   Printer-friendly
from the Less-than-a-week-ago dept.

https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08

https://admin.hostpoint.ch/pipermail/enigmail-users_enigmail.net/2018-May/004995.html

Writing just for himself -- not for GnuPG and not for Enigmail and definitely not for his employer -- Robert J Hansen, an Enigmail developer and GnuPG volunteer, put together a postmortem on Efail:

Less than a week ago, some researchers in Europe published a paper with the bombshell title "Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels." There were a lot of researchers on that team but in the hours after release Sebastian Schinzel took the point on Twitter for the group.

Oh, my, did the email crypto world blow up. The following are some thoughts that have benefited from a few days for things to settle.

They say that when there's a fire in a nightclub you're at more risk of dying from the stampede than the blaze. The panic kills both by crushing people underfoot, and by clogging the exits so that people have to stay in the club longer and breathe more hot smoke-filled air. The fire is a problem but the panic is worse. That's what we saw here, and frankly I place a lot of blame for that at the feet of the Electronic Frontier Foundation.

Previously: PGP and S/MIME Vulnerable, Take Action Now (Update: Embargo Broken)


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Friday May 25 2018, @05:53PM

    by Anonymous Coward on Friday May 25 2018, @05:53PM (#684105)

    Indubitably