On 05/21/18 08:34, Ben McGinnes wrote:
> To say, “we have this edge case scenario that really needs an active
> targeted attack on a case by case basis, so everyone should just stop
> integrating encryption” is the kind of thing that can get people
> killed.

Indeed. "There is a possible attack against this encryption, so stop encrypting your mail" is poor advice. "There is a possible attack against this encryption, be vigilant, turn off HTML mail rendering to help mitigate the attack until fixed" would have been much better advice.

> So in my opinion it's not the merits or lack thereof in the
> demonstrated attacks they released that have the gravest consequence
> here, it's that the number one recommended mitigation technique is to
> remove cryptographic functions from MUAs. Even though they still said
> to basically perform those functions manually and independently, which
> does imply not opposing using cryptography itself. It's still a
> recommendation which is sure to create far more dangerous outcomes for
> end users.

Agreed. The probable outcome of the majority of at-risk individuals trying to securely encrypt their mail manually to avoid this vulnerability would be to decrease, not increase, their safety and security.

--
Phil Stracchino
Babylon Communications
ph...@caerllewys.net
p...@co.ordinate.org
Landline: +1.603.293.8485
Mobile: +1.603.998.6958
_______________________________________________
enigmail-users mailing list
enigmail-users@enigmail.net
To unsubscribe or make changes to your subscription click here:
https://admin.hostpoint.ch/mailman/listinfo/enigmail-users_enigmail.net