On 15.05.18 21:59, Michael Carbone wrote: > On 05/14/18 07:31, Patrick Brunschwig wrote: >> On 14.05.18 08:54, Michael Carbone wrote: >>> https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now >>> >>> >>> >>> https://www.eff.org/deeplinks/2018/05/disabling-pgp-thunderbird-enigmail >>> >>> looking forward to hearing more soon... >> >> The recommendation of the EFF is simply wrong. Enigmail contains fixes >> or workarounds for the described attacks latest since Enigmail version >> 2.0. > > okay thanks for the clarification Patrick. > >> There is one attack that affects both Enigmail and Thunderbird with >> S/MIME, and will be fixed in Thunderbird 52.8 (yet to be released) > Given that there seems to be one attack that does affect Enigmail, and > the potential exfiltration pathways listed in the paper, would you > recommend waiting for these fixes to come out prior to re-enabling > Enigmail?
The correct response is to view messages as plain text (menu View > Message Body as > Plain Text). That bug is actually in Thunderbird an cannot be fixed in Enigmail. Any other attacks can be and _are_ addressed in Enigmail. Therefore there is no reason to deactivate Enigmail, especially as S/MIME in Thunderbird is affected by the same issues -- and S/MIME cannot be deactivated. -Patrick
signature.asc
Description: OpenPGP digital signature
_______________________________________________ enigmail-users mailing list enigmail-users@enigmail.net To unsubscribe or make changes to your subscription click here: https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net
