[tennysont]

Despite my prior bias to agree with article, it includes this extraordinary line:

> So, for example, it recently turned out to be possible for eavesdroppers to decrypt messages without a key, simply by tampering with encrypted messages. Most technologists who work with PGP don’t understand it at a low enough level to see what’s wrong with it.

without citation. Such a writing choice makes me pause.

[boisterousness]

Drilling down, one finds a link to a paper from Usenix Security 2018: "Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels", by Damian Poddebniak et al. [0]

[0] https://www.usenix.org/system/files/conference/usenixsecurit...

[tennysont]

Hmmm. I am more sympathetic to the author, since they might expect familiarity with their previous post on the topic. Still, am glad that I stopped reading after that quote because I personally misunderstood their meaning.

I understood their claim to be about a bug in PGP. I did not interpret it as a reference to Efail, which was (IIRC) a misuse of PGP by certain email viewer. From the Efail paper:

  > However, both
  > S/MIME and PGP predate these developments and use
  > no authentication at all (S/MIME) or do not strictly com-
  > mit to the requirements of an AE, which makes them eas-
  > ier to misuse (PGP).

IIRC, properly configured senders & receivers should fail the MAC check and should not attempt to display tampered HTML. This has been the default behavior in PGP for some time, but I am still sympathetic to PGP haters. It's a papercut machine.