Thank you for your response.
I attached three files from the https://efail.de/ site. It shows that both
Thunderbird (isn't that icedove?) and Enigmail were vulnerable on more than
one vector as late as early 2018. I don't know if that information is
reliable, just notable.
Whoops, I meant to say that GpgME enabled clients are not vulnerable to
SigSpoof. I mixed that up.
The GnuPG package in Trisquel 8 does not seem to be vulnerable to maliciously
crafted embedded filenames anymore (which is the vulnerability that enabled
SigSpoof, as far as I remember). At least when I tested it, the embedded
filename got sanitized correctly.
I also checked Enigmail, and the
I found this page https://efail.de/ which has a list near the bottom of the
page under section heading "Responsible Disclosure".
It does date back at 05/2018. So is it solved or just ignored?
I read a bit about it on eff. Here is one link to a discussion
https://www.eff.org/deeplinks/2018/05/pgp-and-efail-frequently-asked-questions#html.
(am I allowed to do that?) Disabling HTML was one of the steps toward
protecting against the attacks.
There was mention of PGP and EFAIL. I s
> Interest in learning more about encryption keys and utilizing encryption
for email messages and other forms of contact lead me to view discussions
regarding fairly recently revealed exploits attacking encrypted messages
tricking email clients to expose and even transmit decrypted portions o
Hello,
Interest in learning more about encryption keys and utilizing encryption for
email messages and other forms of contact lead me to view discussions
regarding fairly recently revealed exploits attacking encrypted messages
tricking email clients to expose and even transmit decrypted port