Backchannels via OCSP and CRL in S/MIME (Was: efail is imho only a html rendering bug)

2018-06-07 Thread Sebastian Schinzel
On 06.06.2018 at 20:19, Werner Koch wrote:
> Thanks for responding. However, my question was related to the claims
> in the paper about using CRL and OCSP as back channels. This created the
> impression that, for example, the certificates included in an encrypted
> CMS object could be modified

Re: efail is imho only a html rendering bug

2018-06-06 Thread Werner Koch
Hi! Thanks for responding. However, my question was related to the claims in the paper about using CRL and OCSP as back channels. This created the impression that, for example, the certificates included in an encrypted CMS object could be modified in a way that, say, the DP could be changed in

Re: efail is imho only a html rendering bug

2018-06-06 Thread Werner Koch
On Mon, 21 May 2018 19:11, r...@sixdemonbag.org said:
> Efail is not just an HTML rendering bug. It includes very real
> attacks against S/MIME as it's used by thousands of corporations.
I have not yet seen any hints on how a back-channel within the S/MIME protocol can work. There are claims

Re: efail is imho only a html rendering bug

2018-05-22 Thread Patrick Brunschwig
On 21.05.18 16:56, Klaus Römer wrote:
> Internet works because we have standards.
> RFC 3986 states that URLs have to be encoded.
> Rendering engines which send unencoded content including whitespaces and
> newlines to an external server are seriously broken.
>
> (Only to point the finger at the

Re: efail is imho only a html rendering bug

2018-05-21 Thread Robert J. Hansen
(Only to point the finger at the real bug) Efail is not just an HTML rendering bug. It includes very real attacks against S/MIME as it's used by thousands of corporations. It's true that the cryptanalytic attack on OpenPGP is pretty much nothing. But even then, there's room to argue

efail is imho only a html rendering bug

2018-05-21 Thread Klaus Römer
Internet works because we have standards. RFC 3986 states that URLs have to be encoded. Rendering engines which send unencoded content including whitespaces and newlines to an external server are seriously broken. (Only to point the finger at the real bug) Kind Regards, Klaus