[Gpg4win-devel] efail -> improvements
Werner Koch
wk at gnupg.org
Tue May 15 14:20:05 CEST 2018
On Tue, 15 May 2018 08:47, bernhard at intevation.de said:
>> c) a signature over the whole contents from someone where it has been
>> encrypted to (if this is feasible to detect).
That is useless. It is easy to add an arbitrary recipient to a message
and you can't know whether this is legitimate (e.g. archiving key) or
a faked recipient (with a bogus session key; which we can't detect).
> We should change all Gpg4win frontends (like GpgOL, Kleo, GpgEX, GPA)
> to honor the warnings and error messages that GnuPG already shows.
GPGME does that. GpgEx is not a frontend but a trigger with no crypto
at all.
Shalom-Salam,
Werner
--
# Please read: Daniel Ellsberg - The Doomsday Machine #
Thoughts are free. Exceptions are regulated by a federal law.
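
Added example, not part of the original message and not GnuPG code: a minimal RFC 4880 packet walker illustrating the point above, that the recipient list is read from PKESK packets sitting outside the encrypted data, so two messages can list different recipients while the protected part is byte-identical. The key IDs and payload bytes are constructed, and all helper names are hypothetical.

```python
import hashlib

PKESK, SEIPD = 1, 18  # RFC 4880 packet tags
def new_packet(tag, body):  # new-format header, one-octet length (body < 192 bytes)
    return bytes([0xC0 | tag, len(body)]) + body

def parse_packets(data):
    """Yield (tag, body) for definite-length old- and new-format packets."""
    i = 0
    while i < len(data):
        hdr, i = data[i], i + 1
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:  # new format: tag in the low six bits
            tag, first, i = hdr & 0x3F, data[i], i + 1
            if first < 192:
                length = first
            elif first < 224:
                length, i = ((first - 192) << 8) + data[i] + 192, i + 1
            elif first == 255:
                length, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            else:
                raise ValueError("partial body lengths are not handled here")
        else:  # old format: tag in bits 5-2, length type in bits 1-0
            tag, n = (hdr >> 2) & 0x0F, 1 << (hdr & 0x03)
            if n == 8:
                raise ValueError("indeterminate lengths are not handled here")
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        if i + length > len(data):
            raise ValueError("truncated packet")
        yield tag, data[i:i + length]
        i += length

def recipients(msg):
    """Key IDs of version-3 PKESK packets: version, 8-byte key ID, algorithm, ..."""
    return [b[1:9].hex().upper() for t, b in parse_packets(msg) if t == PKESK and b[:1] == b"\x03"]

def protected_digest(msg):
    """SHA-256 of the encrypted data packets; the PKESK packets are not part of them."""
    return hashlib.sha256(b"".join(b for t, b in parse_packets(msg) if t == SEIPD)).hexdigest()

def pkesk(key_id):  # constructed: algorithm 1 (RSA), zero filler instead of a session key
    return new_packet(PKESK, b"\x03" + key_id + b"\x01" + bytes(32))

FIRST, EXTRA = bytes.fromhex("1111111111111111"), bytes.fromhex("2222222222222222")  # constructed
BODY = new_packet(SEIPD, b"\x01" + bytes(range(64)))  # constructed stand-in for ciphertext
ORIGINAL, ALTERED = pkesk(FIRST) + BODY, pkesk(FIRST) + pkesk(EXTRA) + BODY
print(recipients(ORIGINAL), recipients(ALTERED), protected_digest(ORIGINAL) == protected_digest(ALTERED))
```

Because the digest of the encrypted data packets is the same for both messages, nothing inside the encrypted part can vouch for which recipients were listed.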