The following is what I wrote to a journalist covering the story:

=====

We've known about problems in OpenPGP's feedback mode for at least thirteen years. (See https://eprint.iacr.org/2005/033.pdf for an example.) The OpenPGP working group resolved these problems by adopting modification detection codes (MDCs). GnuPG properly implements MDCs and gives clear and unambiguous warnings if a message lacks an MDC.

The paper authors acknowledge that if an email client handles these warnings sensibly, their attack fails. In other words, their attack is completely dependent on email clients handling our warnings in a broken way.

Great: that they've found bugs in major email clients is a good thing, but where's the flaw in the OpenPGP protocol or GnuPG's implementation of it? And does this really deserve the hype-tastic title "Breaking S/MIME and OpenPGP Email Encryption" when it really doesn't do that?

In grad school my adviser told me to follow Napoleon's Rule in paper titles. "If you tell the world you're going to conquer Russia, you'd better conquer Russia." This paper doesn't deliver on what its title promises.
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
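
Added example, not part of the original message and not code from GnuPG or any mail client: one way a client could act on the MDC result the message refers to, by reading the status lines GnuPG writes with --status-fd and failing closed. The status texts are constructed samples, the key ID is a placeholder, and the function names are hypothetical.

```python
"""Decide from gpg --status-fd output whether decrypted text may be shown."""

PREFIX = "[GNUPG:] "


def status_keywords(status_text):
    """Return the set of status keywords present in --status-fd output."""
    keywords = set()
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                keywords.add(fields[0])
    return keywords


def may_display_plaintext(status_text):
    """Fail closed: show plaintext only after a positive integrity result.

    The caller is assumed to buffer gpg's output and discard it unless this
    returns True, because output can be produced before the MDC is checked.
    """
    seen = status_keywords(status_text)
    if seen & {"BADMDC", "DECRYPTION_FAILED"}:
        return False
    # Absence of an error is not enough: require the explicit good result.
    return {"DECRYPTION_OKAY", "GOODMDC"} <= seen


# Constructed status samples (key ID is a placeholder).
INTACT = """[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""

TAMPERED = """[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION"""

# No MDC result at all: treated the same as a failure.
NO_MDC = """[GNUPG:] ENC_TO 0123456789ABCDEF 1 0
[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION"""

if __name__ == "__main__":
    for name, text in (("intact", INTACT), ("tampered", TAMPERED), ("no MDC", NO_MDC)):
        print(name, "->", "display" if may_display_plaintext(text) else "withhold")
```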