[Gpg4win-users-en] Security warning by EFF ?
aheinecke at intevation.de
Mon May 14 10:20:14 CEST 2018
On Monday, May 14, 2018 9:49:20 AM CEST Andre Heinecke wrote:
> On Monday, May 14, 2018 9:17:24 AM CEST Martin wrote:
> > What's about this security warning by EFF ?
> > https://www.eff.org/deeplinks/2018/05/attention-pgp-users-new-vulnerabilities-require-you-take-action-now
> As far as we know neither Gpg4win nor GnuPG or GpgOL is seriously
> affected by anything in that paper.
To expand on this: We got a look at the Paper although neither GpgOL nor GnuPG
were directly contacted by the Researcher. As the main developer of GpgOL I
was not made aware of any security issue for GpgOL in advance.
As we see it only clients which ignore MDC failures are seriously affected
regarding OpenPGP. This is not the case for GpgOL.
It might be that problems exists regarding S/MIME together with the HTML
parsing in Outlook. But as said, we currently are not aware of any. Also note
that S/MIME support is disabled by default in GpgOL. You might want to
deactivate S/MIME Support temporarily until that paper is published.
Also see Werner Koch comment on the gnupg-users mailing list about this:
Andre Heinecke | ++49-541-335083-262 | http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 228 bytes
Desc: This is a digitally signed message part.
More information about the Gpg4win-users-en