On Mon, 14 Oct 2019 10:54, Phillip Susi said:

>> encryption protocol is S/MIME and the last time I checked S/MIME (well,
>> CMS for the nitpickers) does not support any kind of authenticated
>> encryption. In contrast OpenPGP provides this nearly for 2 decades.
>
> What do you mean? S/MIME authenticates the user's identity via the CA.

Authenticated encryption is different from signed and encrypted mails. There are relatively easy attacks on the encryption layer if standard encryption modes like CBC (as in S/MIME) are used. Whether this really affects users is a different question but they can be used to leverage implementation flaws in MUAs to full plaintext leaks. This has been known for 20 years and made it to the media again last year under the term EFAIL.

Granted, encrypted+signed mails can to a large extent also mitigate the threat. But there are still reasons why signatures can't be used or need to be verified only at a later time in the workflow.

OpenPGP has had a mitigation against this since 2000 and it was widely deployed by 2003. However, S/MIME never implemented this despite 10-year-old RFCs describing methods for such a mitigation, called authenticated encryption (AE or AEAD).

Salam-Shalom,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
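
The difference the message draws between plain CBC and integrity-protected encryption, as an added example that is not part of the original mail and is neither the OpenPGP nor the CMS format. Assumptions: the block cipher is a toy Feistel stand-in built from SHA-256 (CBC behaves the same over any block cipher), the integrity layer is generic encrypt-then-MAC with HMAC-SHA256, and all function names and the sample plaintext are constructed.

```python
import hashlib, hmac, os

BLOCK = 16  # block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):  # Feistel round function
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def toy_block(key, blk, decrypt=False):
    # Assumption: 4-round Feistel stand-in for a real block cipher, demo only.
    l, r = blk[:8], blk[8:]
    for i in (reversed(range(4)) if decrypt else range(4)):
        l, r = (_xor(r, _f(key, i, l)), l) if decrypt else (r, _xor(l, _f(key, i, r)))
    return l + r

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = toy_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    blocks = [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    return b"".join(_xor(toy_block(key, c, True), p) for c, p in zip(blocks, [iv] + blocks))

def seal(ek, mk, pt):
    # Encrypt-then-MAC: the tag covers the IV and the whole ciphertext.
    iv = os.urandom(BLOCK)
    body = iv + cbc_encrypt(ek, iv, pt)
    return body + hmac.new(mk, body, hashlib.sha256).digest()

def unseal(ek, mk, msg):
    body, tag = msg[:-32], msg[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, body, hashlib.sha256).digest()):
        raise ValueError("integrity check failed")  # reject before any decryption
    return cbc_decrypt(ek, body[:BLOCK], body[BLOCK:])

def flip_bit(data, index):
    return data[:index] + bytes([data[index] ^ 1]) + data[index + 1:]

PT = b"block-0 filler.." + b"block-1 payload."  # constructed sample, two blocks

def demo():
    ek, mk, iv = os.urandom(16), os.urandom(16), os.urandom(16)
    # Plain CBC: a changed bit in ciphertext block 0 decrypts without any error.
    cbc_out = cbc_decrypt(ek, iv, flip_bit(cbc_encrypt(ek, iv, PT), 7))
    try:
        unseal(ek, mk, flip_bit(seal(ek, mk, PT), BLOCK + 7)); rejected = False
    except ValueError:
        rejected = True
    return cbc_out, rejected
```

With plain CBC the receiver gets a garbled first block and a second block that differs from the original in exactly the flipped bit, with nothing to signal the change; the sealed message is refused before decryption.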