Efail and Mutt
Vincent Lefevre
vincent at vinc17.org
Mon May 14 13:33:33 UTC 2018
About Efail <https://efail.de/>, you may be interested in this
discussion:
https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060315.html
Mutt is probably safe as not rendering HTML, but this isn't clear...
And piping a decrypted mail to a browser (e.g. if there is no
text/plain part, and an attacker can ensure that) is not safe.
Does it handle the GPG warning in a special way? The display of the
warning only is not sufficient since it can easily remain unnoticed
by the user.
--
Vincent Lefèvre <vincent at vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)
More information about the Mutt-dev
mailing list