On 05/14/18 07:31, Patrick Brunschwig wrote:
On 14.05.18 08:54, Michael Carbone wrote:
https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
https://www.eff.org/deeplinks/2018/05/disabling-pgp-thunderbird-enigmail
looking forward to hearing more soon...
The recommendation of the EFF is simply wrong. Enigmail contains fixes
or workarounds for the described attacks latest since Enigmail version 2.0.
okay thanks for the clarification Patrick.
There is one attack that affects both Enigmail and Thunderbird with
S/MIME, and will be fixed in Thunderbird 52.8 (yet to be released)
Given that there seems to be one attack that does affect Enigmail, and
the potential exfiltration pathways listed in the paper, would you
recommend waiting for these fixes to come out prior to re-enabling Enigmail?
Thanks,
Michael
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
