On Monday, 14 May 2018 22:43:56, Andrew Gallagher wrote:
> > On 14 May 2018, at 18:32, Werner Koch <w...@gnupg.org> wrote:
> > Well okay, with the new support of the Ehtmlfail paper we could now
> > point to that paper and always hard error out if no MDC is used even for
> > old algorithms. Shall we consider this?
>
> Yes, absolutely. I think this is the easiest and most effective technical
> mitigation available.

I completely agree, the paper shows problems with the current specifications,
backend and frontend implementations. We should (help to) fix it in all three
places.

Best for GnuPG would be to not display contents which did not have integrity
protection by either:
a) MDC
b) AEAD
c) a signature over the whole contents from someone where it has been
   encrypted to (if this is feasible to detect).

> With two interacting systems, neither should assume that the other
> is behaving correctly.

Note that it is not just email clients that are in danger.
If you get a file with active contents (e.g. an HTML file, or a video
reference) and you decrypt it as data on the command line it is fine up to
there. But once you try to read or open it, you'll have a backchannel.

> > Yes please, I consider this the minimum requirement for HTML based
> > mails. Why sending email when you need to go online for reading them.
> > And also disallow Javascript. Now you only need to convince the mail
> > content designers that they can't simply use the web page and send it as
> > mail. That will be the hard part.
>
> Another thing we need to learn from this is that HTML elements may be a
> privacy concern in plaintext mail, but they are a *security* concern in
> encrypted mail.

People clearly seem to want a way to send files with potentially active
elements. So in my opinion the crypto standards and backends should be
designed to allow this in the safest way possible.

Best Regards,
Bernhard

-- 
www.intevation.de/~bernhard   +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; District Court (Amtsgericht) Osnabrück, HRB 18998
Managing directors: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
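Added example, not part of the original message and not GnuPG code: a pre-display check a frontend could run on a binary (already de-armored) OpenPGP message to see which encryption container it uses, covering options a) and b) above. Packet tags follow RFC 4880, with tag 20 taken from the RFC 4880bis drafts; the function names and sample bytes are constructed for illustration. The tag only shows which container was used, so the MDC or AEAD check still has to succeed during decryption.

```python
# Added example: classify an OpenPGP message by its encryption container.
# Tag 9 = Symmetrically Encrypted Data (no integrity protection),
# tag 18 = Sym. Encrypted Integrity Protected Data (MDC), tag 20 = AEAD (draft).
CONTAINERS = {9: "none", 18: "mdc", 20: "aead"}

def read_header(buf, pos):
    """Return (tag, body_start, body_len); body_len is None if not definite."""
    first = buf[pos]
    if not first & 0x80:
        raise ValueError("not an OpenPGP packet")
    if first & 0x40:                       # new-format header
        tag, o1 = first & 0x3F, buf[pos + 1]
        if o1 < 192:
            return tag, pos + 2, o1
        if o1 < 224:
            return tag, pos + 3, ((o1 - 192) << 8) + buf[pos + 2] + 192
        if o1 == 255:
            return tag, pos + 6, int.from_bytes(buf[pos + 2:pos + 6], "big")
        return tag, pos + 2, None          # partial body length (streaming)
    tag, ltype = (first >> 2) & 0x0F, first & 0x03   # old-format header
    if ltype == 3:
        return tag, pos + 1, None          # indeterminate length
    n = 1 << ltype                         # 1, 2 or 4 length octets
    return tag, pos + 1 + n, int.from_bytes(buf[pos + 1:pos + 1 + n], "big")

def integrity_protection(message):
    """Return 'mdc', 'aead' or 'none' for the first encryption container."""
    pos = 0
    while pos < len(message):
        tag, start, length = read_header(message, pos)
        if tag in CONTAINERS:
            return CONTAINERS[tag]
        if length is None:
            raise ValueError("streaming length before the encrypted data")
        pos = start + length               # skip session-key packets (tags 1, 3)
    raise ValueError("no encrypted data packet found")

def may_display(message):
    """Policy from the thread: hard-fail when there is neither MDC nor AEAD."""
    return integrity_protection(message) in ("mdc", "aead")

# Constructed samples: a dummy 3-byte session-key packet (tag 1), dummy bodies.
PKESK = bytes([0xC1, 3, 3, 0, 0])
LEGACY = PKESK + bytes([0xC9, 4]) + b"\x00" * 4        # tag 9: no MDC
WITH_MDC = PKESK + bytes([0xD2, 5, 1]) + b"\x00" * 4   # tag 18, version 1
WITH_AEAD = PKESK + bytes([0xD4, 5, 1]) + b"\x00" * 4  # tag 20
OLD_FMT = bytes([0x85, 0, 3, 3, 0, 0, 0xA7]) + b"\x00" * 4  # old-format tag 1, tag 9
```

This covers only a) and b); option c), a signature over the whole contents, cannot be seen from the outer packets and has to be evaluated after decryption.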