On 14/05/2018 08:27, Robert J. Hansen wrote: > Werner saw a preprint of this paper some time ago. I saw it recently. > Patrick Brunschwig of Enigmail saw it. None of us are worried. Out of > respect for the paper authors I will skip further comment until such > time as the paper is published. > > It would've been nice if EFF had reached out to us for comment, rather > than apparently only talking to the paper authors. We hope they'll > reach out next time.
I see that the Inquirer is passing on the FUD. May I suggest that someone authoritative gets in touch with them to correct them. PGP is leaking your emails in plaintext and there's no known fix <https://www.theinquirer.net/inquirer/news/3032200/pgp-is-leaking-plaintext-versions-of-your-emails-and-theres-no-known-cure> Amongst other things this includes the following paragraph which, as I understand it, is essentially untrue: "There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now," said Sebastian Schinzel <https://twitter.com/seecurity/status/995906576170053633>, a professor of computer security at the University. (Re-sent as my outgoing server got a "451-xx.xx.xx.xx+is+not+yet+authorized+to+deliver+mail+from" error first time round.) -- Mark Rousell PGP public key: http://www.signal100.com/markr/pgp Key ID: C9C5C162
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
