Drilling down, one finds a link to a paper from Usenix Security 2018: "Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels", by Damian Poddebniak et al. [0]
Hmmm. I am more sympathetic to the author, since they might expect familiarity with their previous post on the topic. Still, am glad that I stopped reading after that quote because I personally misunderstood their meaning.
I understood their claim to be about a bug in PGP. I did not interpret it as a reference to Efail, which was (IIRC) a misuse of PGP by certain email viewer. From the Efail paper:
> However, both
> S/MIME and PGP predate these developments and use
> no authentication at all (S/MIME) or do not strictly com-
> mit to the requirements of an AE, which makes them eas-
> ier to misuse (PGP).
IIRC, properly configured senders & receivers should fail the MAC check and should not attempt to display tampered HTML. This has been the default behavior in PGP for some time, but I am still sympathetic to PGP haters. It's a papercut machine.
I understood their claim to be about a bug in PGP. I did not interpret it as a reference to Efail, which was (IIRC) a misuse of PGP by certain email viewer. From the Efail paper:
IIRC, properly configured senders & receivers should fail the MAC check and should not attempt to display tampered HTML. This has been the default behavior in PGP for some time, but I am still sympathetic to PGP haters. It's a papercut machine.