Re: A postmortem on Efail

On Mon, May 21, 2018 at 11:19:18AM -1100, Mirimir wrote: > On 05/21/2018 02:31 AM, Ben McGinnes wrote: >> >> https://ssd.eff.org/en/blog/pgp-and-efail-frequently-asked-questions >> >> “What if I keep getting PGP emails? >> >> You can decrypt these emails via the command line. If you prefer not

Re: A postmortem on Efail

On Wed, May 23, 2018 at 12:15:58AM +0200, Steffen Nurpmeso wrote: > > I only use v1.4, and i will never never never never use anything > newer because that is very large and consists of an immense amount > of components that i really do not need. I receive keys via hkps:// > and sign, verify,

Re: A postmortem on Efail

Ben McGinnes wrote: |On Tue, May 22, 2018 at 02:19:37AM +0100, Mark Rousell wrote: |> On 21/05/2018 13:34, Ben McGinnes wrote: |> |>> I agree with most of the article and largely with the need to break ... |Mine too, it's why I keep a copy of 1.4 installed at all. It's

Re: A postmortem on Efail

On Tue, May 22, 2018 at 02:19:37AM +0100, Mark Rousell wrote: > On 21/05/2018 13:34, Ben McGinnes wrote: > >> I agree with most of the article and largely with the need to break >> compatibility to an ancient flawed design. Particularly since we >> still have a means of accessing those ancient

Re: A postmortem on Efail

On Tue, May 22, 2018 at 01:42:07AM +0100, Mark Rousell wrote: > On 21/05/2018 15:17, Mark H. Wood wrote: > >> Break backwards compatibility already: it’s time. Ignore the haters. I > >> trust you. > > (I understand that that's a quote of a discussion-opener from the write-up.) > > > > I'd like to

Re: A postmortem on Efail

On 21/05/2018 13:34, Ben McGinnes wrote: > I agree with most of the article and largely with the need to break > compatibility to an ancient flawed design. Particularly since we > still have a means of accessing those ancient formats if we have to in > the form of the GPG 1.4 branch. The

Re: A postmortem on Efail

On 21/05/2018 15:17, Mark H. Wood wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > (I understand that that's a quote of a discussion-opener from the write-up.) > > I'd like to first see how many haters can be won over by selling the > necessary

Re: A postmortem on Efail

On 21/05/2018 14:31, Ben McGinnes wrote: > I could have given them that benefit of the doubt on the initial > article too, but the FAQ they now have on the Surveillance > Self-Defense website does rather eviscerate any hope of that: > >

Re: A postmortem on Efail

On 21/05/2018 09:54, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/21/2018 04:07 AM, Mark Rousell wrote: >> I think you mean that support for 2.0.y has been dropped, surely? > No, I do mean that support for all PGP 2-related stuff has been dropped > from the current stable branch. Modern

Re: A postmortem on Efail

On 05/21/2018 02:31 AM, Ben McGinnes wrote: > On Sun, May 20, 2018 at 01:43:07PM -1100, Mirimir wrote: >> On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: >>> >>> I do not want to create a conspiracy theory but it's wiggy that >>> EFF favors *NO* security ,pgp or s/mime, instead to fix the current

Re: A postmortem on Efail

On Mon, May 21, 2018 at 08:51:17AM -0400, Robert J. Hansen wrote: >> That being the *incredibly* unhelpful and likely actively harmful >> recommendation to remove encryption and decryption functionality from >> vulnerable MUAs. > > I blame the EFF for that more than I blame the Efail developers.

Re: A postmortem on Efail

On Sun, May 20, 2018 at 07:23:17AM +, Dmitry Gudkov wrote: > I want to get involved and give a damn! [applause] > Break backwards compatibility already: it’s time. Ignore the haters. I > trust you. (I understand that that's a quote of a discussion-opener from the write-up.) I'd like to

Re: A postmortem on Efail

On Sun, May 20, 2018 at 01:43:07PM -1100, Mirimir wrote: > On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: >> >> I do not want to create a conspiracy theory but it's wiggy that >> EFF favors *NO* security ,pgp or s/mime, instead to fix the current >> possibilities and promote signal. > > I read

Re: A postmortem on Efail

> That being the *incredibly* unhelpful and likely actively harmful > recommendation to remove encryption and decryption functionality from > vulnerable MUAs. I blame the EFF for that more than I blame the Efail developers. I expect the people who develop new attacks to overstate their

Re: A postmortem on Efail

On Sun, May 20, 2018 at 02:26:47AM -0400, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary.

Re: A postmortem on Efail

On 20/05/2018 21:32, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/20/2018 08:45 PM, Mark Rousell wrote: >> I think it is important that they can still do this with a maintained >> (2.x.y) code base. > > Support for PGP 2 has already been dropped from the current stable > branch, I don't

Re: A postmortem on Efail

On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: > Hi Robert. > > On 20/05/2018 02:26, Robert J. Hansen wrote: >> Writing just for myself -- not for GnuPG and not for Enigmail and >> definitely not for my employer -- I put together a postmortem on Efail. >> You may find it worth reading. You may

Re: A postmortem on Efail

On 2018-05-20 07:26, Robert J. Hansen wrote: Writing just for myself -- not for GnuPG and not for Enigmail and definitely not for my employer -- I put together a postmortem on Efail. You may find it worth reading. You may also not. Your mileage will probably vary. :)

Re: A postmortem on Efail

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Sunday 20 May 2018 at 2:51:40 PM, in , Dirk Gottschalk via Gnupg-users wrote:- > I think the backwards compatiblity should be broken > to improve things. Backwards

Re: A postmortem on Efail

On 2018-05-20 at 02:26 -0400, Rob J Hansen wrote: > https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08 Excellent post. I favor breaking backwards compatibility and including in the shipped README a description of "The conditions under which we anticipate future backwards

Re: A postmortem on Efail

Am 20.05.2018 um 09:28 schrieb Robert J. Hansen : >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) Yes, please! I DO trust you! Juergen Polster ___ Gnupg-users mailing

Re: A postmortem on Efail

On 20/05/2018 20:16, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote: >> It would be possible to implement something like --legacy to >> re-enable the old functionality. > > For information, for the problem at hand, two things have been

Re: A postmortem on Efail

On 20/05/2018 11:44, Aleksandar Lazic wrote: > I do not want to create a conspiracy theory but it's wiggy that > EFF favors *NO* security ,pgp or s/mime, instead to fix the current > possibilities and promote signal. > > As serveral people mentioned in the different Internet medias is signal > not

Re: A postmortem on Efail

On 20/05/2018 14:51, Dirk Gottschalk via Gnupg-users wrote: > I think the backwards compatiblity should be broken to improve things. > It would be possible to implement something like --legacy to re-enable > the old functionality. Agreed. > This could also be implemented in email clients > and

Re: A postmortem on Efail

On 20/05/2018 12:11, Philipp Klaus Krause wrote: > I don't think breaking backwards-compability is an all-or-nothing question. > > IMO, it is important to still be able to decrypt old data. On the other > hand one wants sane, secure use with current data. > The functionality needed to decrpyt old

Re: A postmortem on Efail

Hi. Am Sonntag, den 20.05.2018, 02:26 -0400 schrieb Robert J. Hansen: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on > Efail. > You may find it worth reading. You may also not. Your mileage will > probably

Re: A postmortem on Efail

Am 20.05.2018 um 08:26 schrieb Robert J. Hansen: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :) > >

Re: A postmortem on Efail

Hi Robert. On 20/05/2018 02:26, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :) > >

Re: A postmortem on Efail

I've used PGP ever since I discovered it when I ran a BBS back in the late 80's early 90's. I rarely post but always listening. Definitely time to break backward compatibility if it will help move it forward! Go for it! On 5/20/2018 3:28 AM, Robert J. Hansen wrote: >> Break backwards

Re: A postmortem on Efail

> On 20 May 2018, at 07:26, Robert J. Hansen wrote: > > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will >

Re: A postmortem on Efail

On Sun, 20 May 2018 02:26:47 -0400 "Robert J. Hansen" wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on > Efail. You may find it worth reading. You may also not. Your > mileage

Re: A postmortem on Efail

I want to get involved and give a damn! Break backwards compatibility already: it’s time. Ignore the haters. I trust you. On 20/05/2018 09:26, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a

Re: A postmortem on Efail

“We be of one blood, ye and I” ― Rudyard Kipling, The Jungle Books On 20/05/2018 10:28, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) > ___ Gnupg-users mailing list

Re: A postmortem on Efail

On 05/19/2018 08:28 PM, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) I'm OK with that :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org

Re: A postmortem on Efail

> Break backwards compatibility already: it’s time. Ignore the haters. I > trust you. :) :) :) :) :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users