by tennysont 69 days ago
Hmmm. I am more sympathetic to the author, since they might expect familiarity with their previous post on the topic. Still, I am glad that I stopped reading after that quote because I personally misunderstood their meaning.

I understood their claim to be about a bug in PGP. I did not interpret it as a reference to Efail, which was (IIRC) a misuse of PGP by certain email viewers. From the Efail paper:

  > However, both S/MIME and PGP predate these developments and use no authentication at all (S/MIME) or do not strictly commit to the requirements of an AE, which makes them easier to misuse (PGP).

IIRC, properly configured senders & receivers should fail the MAC check and should not attempt to display tampered HTML. This has been the default behavior in PGP for some time, but I am still sympathetic to PGP haters. It's a papercut machine.