Re: A postmortem on Efail

2018-05-22 Thread Ben McGinnes
On Mon, May 21, 2018 at 11:19:18AM -1100, Mirimir wrote: > On 05/21/2018 02:31 AM, Ben McGinnes wrote: >> >> https://ssd.eff.org/en/blog/pgp-and-efail-frequently-asked-questions >> >> “What if I keep getting PGP emails? >> >> You can decrypt these emails via the command line. If you prefer not

Re: A postmortem on Efail

2018-05-22 Thread Ben McGinnes
On Wed, May 23, 2018 at 12:15:58AM +0200, Steffen Nurpmeso wrote: > > I only use v1.4, and i will never never never never use anything > newer because that is very large and consists of an immense amount > of components that i really do not need. I receive keys via hkps:// > and sign, verify,

Re: A postmortem on Efail

2018-05-22 Thread Steffen Nurpmeso
Ben McGinnes wrote: |On Tue, May 22, 2018 at 02:19:37AM +0100, Mark Rousell wrote: |> On 21/05/2018 13:34, Ben McGinnes wrote: |> |>> I agree with most of the article and largely with the need to break ... |Mine too, it's why I keep a copy of 1.4 installed at all. It's

Re: A postmortem on Efail

2018-05-22 Thread Ben McGinnes
On Tue, May 22, 2018 at 02:19:37AM +0100, Mark Rousell wrote: > On 21/05/2018 13:34, Ben McGinnes wrote: > >> I agree with most of the article and largely with the need to break >> compatibility to an ancient flawed design. Particularly since we >> still have a means of accessing those ancient

Re: A postmortem on Efail

2018-05-22 Thread Mark H. Wood
On Tue, May 22, 2018 at 01:42:07AM +0100, Mark Rousell wrote: > On 21/05/2018 15:17, Mark H. Wood wrote: > >> Break backwards compatibility already: it’s time. Ignore the haters. I > >> trust you. > > (I understand that that's a quote of a discussion-opener from the write-up.) > > > > I'd like to

Re: A postmortem on Efail

2018-05-21 Thread Mark Rousell
On 21/05/2018 13:34, Ben McGinnes wrote: > I agree with most of the article and largely with the need to break > compatibility to an ancient flawed design. Particularly since we > still have a means of accessing those ancient formats if we have to in > the form of the GPG 1.4 branch. The

Re: A postmortem on Efail

2018-05-21 Thread Mark Rousell
On 21/05/2018 15:17, Mark H. Wood wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > (I understand that that's a quote of a discussion-opener from the write-up.) > > I'd like to first see how many haters can be won over by selling the > necessary

Re: A postmortem on Efail

2018-05-21 Thread Mark Rousell
On 21/05/2018 14:31, Ben McGinnes wrote: > I could have given them that benefit of the doubt on the initial > article too, but the FAQ they now have on the Surveillance > Self-Defense website does rather eviscerate any hope of that: > >

Re: A postmortem on Efail

2018-05-21 Thread Mark Rousell
On 21/05/2018 09:54, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/21/2018 04:07 AM, Mark Rousell wrote: >> I think you mean that support for 2.0.y has been dropped, surely? > No, I do mean that support for all PGP 2-related stuff has been dropped > from the current stable branch. Modern

Re: A postmortem on Efail

2018-05-21 Thread Mirimir
On 05/21/2018 02:31 AM, Ben McGinnes wrote: > On Sun, May 20, 2018 at 01:43:07PM -1100, Mirimir wrote: >> On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: >>> >>> I do not want to create a conspiracy theory but it's wiggy that >>> EFF favors *NO* security, pgp or s/mime, instead to fix the current

Re: A postmortem on Efail

2018-05-21 Thread Ben McGinnes
On Mon, May 21, 2018 at 08:51:17AM -0400, Robert J. Hansen wrote: >> That being the *incredibly* unhelpful and likely actively harmful >> recommendation to remove encryption and decryption functionality from >> vulnerable MUAs. > > I blame the EFF for that more than I blame the Efail developers.

Re: A postmortem on Efail

2018-05-21 Thread Mark H. Wood
On Sun, May 20, 2018 at 07:23:17AM +, Dmitry Gudkov wrote: > I want to get involved and give a damn! [applause] > Break backwards compatibility already: it’s time. Ignore the haters. I > trust you. (I understand that that's a quote of a discussion-opener from the write-up.) I'd like to

Re: A postmortem on Efail

2018-05-21 Thread Ben McGinnes
On Sun, May 20, 2018 at 01:43:07PM -1100, Mirimir wrote: > On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: >> >> I do not want to create a conspiracy theory but it's wiggy that >> EFF favors *NO* security, pgp or s/mime, instead to fix the current >> possibilities and promote signal. > > I read

Re: A postmortem on Efail

2018-05-21 Thread Robert J. Hansen
> That being the *incredibly* unhelpful and likely actively harmful > recommendation to remove encryption and decryption functionality from > vulnerable MUAs. I blame the EFF for that more than I blame the Efail developers. I expect the people who develop new attacks to overstate their

Re: A postmortem on Efail

2018-05-21 Thread Ben McGinnes
On Sun, May 20, 2018 at 02:26:47AM -0400, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > p

A postmortem on Efail

2018-05-21 Thread Damien Goutte-Gattat via Gnupg-users
On 05/21/2018 04:07 AM, Mark Rousell wrote: > I think you mean that support for 2.0.y has been dropped, surely? No, I do mean that support for all PGP 2-related stuff has been dropped from the current stable branch. Modern GnuPG (≥ 2.1) can neither read nor write anything that has been generated

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 21:32, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/20/2018 08:45 PM, Mark Rousell wrote: >> I think it is important that they can still do this with a maintained >> (2.x.y) code base. > > Support for PGP 2 has already been dropped from the current stable > branch, I don't

Re: A postmortem on Efail

2018-05-20 Thread Mirimir
On 05/19/2018 11:44 PM, Aleksandar Lazic wrote: > Hi Robert. > > On 20/05/2018 02:26, Robert J. Hansen wrote: >> Writing just for myself -- not for GnuPG and not for Enigmail and >> definitely not for my employer -- I put together a postmortem on Efail. >> You may find

Re: A postmortem on Efail

2018-05-20 Thread mick crane
On 2018-05-20 07:26, Robert J. Hansen wrote: Writing just for myself -- not for GnuPG and not for Enigmail and definitely not for my employer -- I put together a postmortem on Efail. You may find it worth reading. You may also not. Your mileage will probably vary. :) https://medium.com

Re: A postmortem on Efail

2018-05-20 Thread MFPA
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi On Sunday 20 May 2018 at 2:51:40 PM, in , Dirk Gottschalk via Gnupg-users wrote:- > I think the backwards compatibility should be broken > to improve things. Backwards

Re: A postmortem on Efail

2018-05-20 Thread Phil Pennock
On 2018-05-20 at 02:26 -0400, Rob J Hansen wrote: > https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08 Excellent post. I favor breaking backwards compatibility and including in the shipped README a description of "The conditions under which we anticipate future b

Re: A postmortem on Efail

2018-05-20 Thread Jürgen Polster
On 20.05.2018 at 09:28, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) Yes, please! I DO trust you! Juergen Polster ___ Gnupg-users mailing

A postmortem on Efail

2018-05-20 Thread Damien Goutte-Gattat via Gnupg-users
On 05/20/2018 08:45 PM, Mark Rousell wrote: I presume that one day the 1.x.y code will reach end of life. There's no plan to terminate the 1.x branch. It will not gain any new features, but as stated by Werner Koch a few months ago, it "will be kept alive for use with PGP 2 encrypted and

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 20:16, Damien Goutte-Gattat via Gnupg-users wrote: > On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote: >> It would be possible to implement something like --legacy to >> re-enable the old functionality. > > For information, for the problem at hand, two things have been

A postmortem on Efail

2018-05-20 Thread Damien Goutte-Gattat via Gnupg-users
On 05/20/2018 02:51 PM, Dirk Gottschalk via Gnupg-users wrote: It would be possible to implement something like --legacy to re-enable the old functionality. For information, for the problem at hand, two things have been done in that direction: In GnuPG itself: GnuPG will now error out when

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 11:44, Aleksandar Lazic wrote: > I do not want to create a conspiracy theory but it's wiggy that > EFF favors *NO* security, pgp or s/mime, instead to fix the current > possibilities and promote signal. > > As several people mentioned in the different Internet medias is signal > not

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 14:51, Dirk Gottschalk via Gnupg-users wrote: > I think the backwards compatibility should be broken to improve things. > It would be possible to implement something like --legacy to re-enable > the old functionality. Agreed. > This could also be implemented in email clients > and

Re: A postmortem on Efail

2018-05-20 Thread Mark Rousell
On 20/05/2018 12:11, Philipp Klaus Krause wrote: > I don't think breaking backwards-compatibility is an all-or-nothing question. > > IMO, it is important to still be able to decrypt old data. On the other > hand one wants sane, secure use with current data. > The functionality needed to decrypt old

Re: A postmortem on Efail

2018-05-20 Thread Dirk Gottschalk via Gnupg-users
Hi. On Sunday, 20.05.2018, at 02:26 -0400, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on > Efail. > You may find it worth reading. You may also not. Your mileage wil

Re: A postmortem on Efail

2018-05-20 Thread Philipp Klaus Krause
On 20.05.2018 at 08:26, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :

Re: A postmortem on Efail

2018-05-20 Thread Aleksandar Lazic
Hi Robert. On 20/05/2018 02:26, Robert J. Hansen wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > p

Re: A postmortem on Efail

2018-05-20 Thread Jim Dever
I've used PGP ever since I discovered it when I ran a BBS back in the late 80's early 90's. I rarely post but always listening. Definitely time to break backward compatibility if it will help move it forward! Go for it! On 5/20/2018 3:28 AM, Robert J. Hansen wrote: >> Break backwards

Re: A postmortem on Efail

2018-05-20 Thread Andrew Gallagher
> On 20 May 2018, at 07:26, Robert J. Hansen <r...@sixdemonbag.org> wrote: > > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on Efail. > You may find it worth reading. You may al

Re: A postmortem on Efail

2018-05-20 Thread Dmitrii Tcvetkov
On Sun, 20 May 2018 02:26:47 -0400 "Robert J. Hansen" <r...@sixdemonbag.org> wrote: > Writing just for myself -- not for GnuPG and not for Enigmail and > definitely not for my employer -- I put together a postmortem on > Efail. You may find it worth reading. You may

Re: A postmortem on Efail

2018-05-20 Thread Dmitry Gudkov
gether a postmortem on Efail. > You may find it worth reading. You may also not. Your mileage will > probably vary. :) > > https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08

Re: A postmortem on Efail

2018-05-20 Thread Dmitry Gudkov
“We be of one blood, ye and I” ― Rudyard Kipling, The Jungle Books On 20/05/2018 10:28, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :)

Re: A postmortem on Efail

2018-05-20 Thread Mirimir
On 05/19/2018 08:28 PM, Robert J. Hansen wrote: >> Break backwards compatibility already: it’s time. Ignore the haters. I >> trust you. > > :) :) :) :) :) I'm OK with that :)

Re: A postmortem on Efail

2018-05-20 Thread Robert J. Hansen
> Break backwards compatibility already: it’s time. Ignore the haters. I > trust you. :) :) :) :) :) ___ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users

A postmortem on Efail

2018-05-20 Thread Robert J. Hansen
Writing just for myself -- not for GnuPG and not for Enigmail and definitely not for my employer -- I put together a postmortem on Efail. You may find it worth reading. You may also not. Your mileage will probably vary. :) https://medium.com/@cipherpunk/efail-a-postmortem-4bef2cea4c08