> I'm confused. I thought the whole efail thing was about crafting a
> plain text message that says "Good signature verified" and fools the
> user even though it was never run through pgp or had its signature
> verified with s/mime.

I'd suggest reading the Efail paper. The vast majority of the news coverage was shoddy. Efail included two *completely separate* attacks in their paper, which the news media overwhelmingly conflated into a single attack. I'll call them Efail-1 and Efail-2 here.

Efail-1 was what Werner is talking about here. It was a pretty bad blow to S/MIME, but far less so to OpenPGP, since OpenPGP has had countermeasures in place for almost twenty years. Efail-1's impact on OpenPGP was, is, minimal.

Efail-2 wasn't an attack on OpenPGP at all, but instead showed how poorly email clients and/or email plugins communicated with GnuPG. It was possible for GnuPG to give a correct warning that someone was playing games with the message, and for the email client to disregard this warning and present it to the user as authentic.

Efail-1 had minimal applicability to GnuPG; Efail-2 had none whatsoever (except, arguably, some of the messages GnuPG gave were ambiguous: I think they were, but Werner disagrees).

_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users
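The Efail-2 point above is that a client can receive a correct warning from GnuPG and still show the message as authentic. The following is an added example, not code from the thread or from GnuPG or any mail client, of a fail-closed reader for GnuPG's machine-readable status lines (the `[GNUPG:] KEYWORD ...` lines GnuPG writes when invoked with `--status-fd`). The keyword names GOODSIG, VALIDSIG, BADSIG, ERRSIG, NODATA, DECRYPTION_OKAY, DECRYPTION_FAILED, ERROR and FAILURE are GnuPG's own status vocabulary; the sample status output, the fingerprint and user ID in it, and the verdict policy (any reported failure overrides a good signature) are constructed for this example and are assumptions, not captures from a real run.

```python
# Added example: a fail-closed interpretation of GnuPG status-fd output.
# The Efail-2 failure mode was a client that rendered "good signature"
# while GnuPG had also reported a problem. Here any BAD keyword wins over
# any GOOD keyword, and a message is "authentic" only when GnuPG reported
# both GOODSIG and VALIDSIG and nothing went wrong.

from dataclasses import dataclass, field

# Status keywords GnuPG can emit on the status fd (a subset; names are real).
GOOD = {"GOODSIG", "VALIDSIG", "DECRYPTION_OKAY"}
BAD = {"BADSIG", "ERRSIG", "NODATA", "DECRYPTION_FAILED", "ERROR", "FAILURE"}

STATUS_PREFIX = "[GNUPG:] "


@dataclass
class Verdict:
    authentic: bool
    reasons: list = field(default_factory=list)


def parse_status(text):
    """Return a list of (keyword, args) for every '[GNUPG:] ...' line.

    Anything not carrying the status prefix (e.g. human-readable stderr
    text) is ignored; a client must decide on the status channel, not on
    free-form messages.
    """
    events = []
    for line in text.splitlines():
        if not line.startswith(STATUS_PREFIX):
            continue
        parts = line[len(STATUS_PREFIX):].split(None, 1)
        if not parts:
            continue
        events.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return events


def judge(text):
    """Fail-closed policy (an assumption of this example, not GnuPG's):
    a message is shown as authentic only if GOODSIG and VALIDSIG were
    reported and no failure keyword appeared anywhere in the same run."""
    keywords = [k for k, _ in parse_status(text)]
    failures = [k for k in keywords if k in BAD]
    if failures:
        return Verdict(False, [f"GnuPG reported {k}" for k in failures])
    if "GOODSIG" in keywords and "VALIDSIG" in keywords:
        return Verdict(True, ["GOODSIG and VALIDSIG with no failure reported"])
    return Verdict(False, ["no valid signature reported"])


# Constructed sample outputs (not real GnuPG captures). The fingerprint and
# user ID are placeholders.
SAMPLE_OK = """gpg: encrypted with 1 key
[GNUPG:] DECRYPTION_OKAY
[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-05-14
"""

# A good signature accompanied by a decryption failure: a client that keys
# only on GOODSIG would show this as authentic; the policy above does not.
SAMPLE_MIXED = """[GNUPG:] GOODSIG 0123456789ABCDEF Example User <user@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2018-05-14
[GNUPG:] DECRYPTION_FAILED
"""

if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("mixed", SAMPLE_MIXED)):
        v = judge(sample)
        print(f"{name}: authentic={v.authentic} ({'; '.join(v.reasons)})")
```

The design choice is that the verdict is computed from the whole status stream of one GnuPG invocation, so a single failure keyword anywhere in it makes the result untrusted regardless of what else was reported.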