On 14/05/18 13:42, Robert J. Hansen wrote:
>> If I read it correctly, it also has another attack, no longer based on
>> user agents concatenating HTML mime parts, but also based on CFB
>> gadgets. Which, here, looks like a flaw in the OpenPGP specification
>> indeed (and thus GnuPG's implementation of it), and not in MUAs?
>
> MDCs stop it dead. If a message has no MDC or an invalid MDC, GnuPG
> _will_ warn you about it. Now, whether your email client does the right
> thing upon being warned, that's between you and your email client...

This all exposes one of the difficulties with trying to manage security
software in a decentralised ecosystem. We end up in arguments over whose
responsibility it is when the joints come apart.

I would humbly suggest that we stop worrying about which side of the
GPG/MUA fence the ball is on, and fix it on *both* sides. That means:

1. change the default behaviour of GPG so that any integrity failure is
   fatal by default, even for old ciphersuites (we could have a flag to
   override for those that really need it). For belt and braces, disable
   the obsolete ciphersuites by default (again, we can provide an
   override). We have assumed that so long as you don't *generate* poor
   crypto you're safe. That's just not true.

2. AND the MUAs need to make sure they fail hard on integrity warnings,
   because old versions of GPG may hang around for a while. Also ensure
   that links aren't followed by default, that the capabilities of
   encrypted HTML mail are constrained, etc.

The PGP ecosystem will survive this, because the tech is in place. The
enforcement has just erred a little too far on the side of
compatibility. It's all fixable.

-- 
Andrew Gallagher

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
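
Point 2 of the message above asks MUAs to fail hard on integrity warnings. One way a mail client could do that, as an added example that is not part of the original message or of any MUA's code: read the status lines GnuPG writes with `--status-fd` and release plaintext only when `DECRYPTION_OKAY` and `GOODMDC` are both present and no failure keyword appears. The function names are hypothetical and the status samples are constructed.

```python
# Added example: fail-closed gate on GnuPG status lines (gpg --status-fd).
# Function names are hypothetical; the status samples are constructed.

PREFIX = "[GNUPG:] "
FATAL = {"BADMDC", "DECRYPTION_FAILED"}     # any of these: never show plaintext
REQUIRED = ("DECRYPTION_OKAY", "GOODMDC")   # all of these must be present

def status_keywords(status_text):
    """Return the keyword of each '[GNUPG:] KEYWORD args...' line, in order."""
    keywords = []
    for line in status_text.splitlines():
        if line.startswith(PREFIX):
            fields = line[len(PREFIX):].split()
            if fields:
                keywords.append(fields[0])
    return keywords

def may_release_plaintext(status_text):
    """Return (ok, reason). Missing evidence of integrity counts as failure."""
    seen = status_keywords(status_text)
    for kw in seen:
        if kw in FATAL:
            return False, f"gpg reported {kw}"
    for kw in REQUIRED:
        if kw not in seen:
            return False, f"{kw} missing"
    return True, "integrity verified"

# Constructed status output for four cases.
GOOD = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_INFO 2 9\n"
        "[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] GOODMDC\n[GNUPG:] END_DECRYPTION")
# gpg warned about a missing MDC but still reported success.
NO_MDC = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_INFO 0 3\n"
          "[GNUPG:] DECRYPTION_OKAY\n[GNUPG:] END_DECRYPTION")
BAD_MDC = ("[GNUPG:] BEGIN_DECRYPTION\n[GNUPG:] DECRYPTION_INFO 2 9\n"
           "[GNUPG:] BADMDC\n[GNUPG:] DECRYPTION_FAILED\n[GNUPG:] END_DECRYPTION")
# gpg exited before reporting any result.
TRUNCATED = "[GNUPG:] BEGIN_DECRYPTION"

if __name__ == "__main__":
    for name, sample in [("good", GOOD), ("no MDC", NO_MDC),
                         ("bad MDC", BAD_MDC), ("truncated", TRUNCATED)]:
        print(name, may_release_plaintext(sample))
```

The gate only helps if the client buffers gpg's output and renders nothing until the process has exited and the check has passed.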