About Efail <https://efail.de/>, you may be interested in this discussion:
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html Mutt is probably safe as not rendering HTML, but this isn't clear... And piping a decrypted mail to a browser (e.g. if there is no text/plain part, and an attacker can ensure that) is not safe. Does it handle the GPG warning in a special way? The display of the warning only is not sufficient since it can easily remain unnoticed by the user. -- Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/> 100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/> Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
