On 14/05/18 08:45, Werner Koch wrote:
> The topic of that paper is that HTML is used as a back channel to
> create an oracle for modified encrypted mails.

This confirms that my forensic analysis of the wording of the announcement was sound. ;-) The good thing is that oracle attacks are *noisy*, so you'll notice when it happens.

> There are two ways to mitigate this attack
>
> - Don't use HTML mails. Or if you really need to read them use a
>   proper MIME parser and disallow any access to external links.

Unfortunately HTML mail is commonplace, so never reading an HTML mail again may be too much to ask.

> - Use authenticated encryption.

So how do we enforce MDC checking at the receiving end? I assume this is something that has to be handled by the calling program at the moment. I see that MDC is the default for all modern ciphers, but does that imply that MDC *checking* is the default? If so, then all we would need to do is disable non-modern ciphers.

Looks like S/MIME is pretty much buggered though...

-- 
Andrew Gallagher
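One way a calling program could enforce the MDC check asked about in the message above, as an added example that is not part of the original mail or of GnuPG's code: it reads the status lines GnuPG writes with `--status-fd` and releases plaintext only when both `DECRYPTION_OKAY` and `GOODMDC` are present. The sample status text and the function names are constructed for illustration.

```python
# Added example: gate plaintext release on gpg --status-fd output.
# The three status transcripts below are constructed samples.
PREFIX = "[GNUPG:] "

GOOD = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 0
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODMDC
[GNUPG:] END_DECRYPTION"""

TAMPERED = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 2 9
[GNUPG:] PLAINTEXT 62 0
[GNUPG:] BADMDC
[GNUPG:] DECRYPTION_FAILED
[GNUPG:] END_DECRYPTION"""

NO_MDC = """[GNUPG:] BEGIN_DECRYPTION
[GNUPG:] DECRYPTION_INFO 0 3
[GNUPG:] PLAINTEXT 62 0
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] END_DECRYPTION"""

def status_keywords(status_text):
    """Return the set of status keywords gpg emitted."""
    seen = set()
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                seen.add(fields[0])
    return seen

def integrity_verified(status_text):
    """True only if the MDC was present and verified."""
    seen = status_keywords(status_text)
    if seen & {"BADMDC", "DECRYPTION_FAILED"}:
        return False
    # Require positive evidence: a message with no MDC packet can report
    # DECRYPTION_OKAY without either GOODMDC or BADMDC.
    return {"DECRYPTION_OKAY", "GOODMDC"} <= seen

def release_plaintext(plaintext, status_text):
    """Hypothetical caller-side gate: return plaintext or refuse."""
    if not integrity_verified(status_text):
        raise ValueError("integrity not verified; plaintext withheld")
    return plaintext
```

The gate treats a missing `GOODMDC` the same as a failed one, so a message that carries no MDC at all is withheld rather than rendered.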