undefined | Better HN

0 pointstptacek6y ago0 comments

There were no changes in TLS after Bleichenbacher '98; instead, implementations just incorporated increasingly hacky workarounds. The PGP post upthread details the problems with the MDC, and the compounding implementation flaw in GPG that released unauthenticated plaintext to callers.

That MDC-era PGP remains the global standard, and that GPG continues to release unauthenticated plaintext to callers, just calls out further the impossibly compromised position PGP-based cryptosystems are in. You can try to do things like Sequoia that modernize PGP, but nobody in the installed base will be compatible with you, and the most popular and important "driver" of the protocol (again, GPG) is disinterested in mitigating the flaws of legacy PGP.

You can choose not to call GPG the PGP reference implementation, and there's no formal declaration anywhere saying that, but, it obviously is.

0 pointstptacek6y ago0 comments

You can choose not to call GPG the PGP reference implementation, and there's no formal declaration anywhere saying that, but, it obviously is.

0 comments

3 comments · 1 top-level

upofadown6y ago· 2 in thread

It is odd you bring up MDC in the context of EFAIL as the EFAIL researchers were unable to come up with an exploit that MDC did not detect. Even if you feel that GPG should of anticipated EFAIL that means that OpenPGP as a protocol was secure against EFAIL.

It is entirely accurate to say that EFAIL in not applicable to OpenPGP. You might not like MDC but you have to admit that EFAIL is not an example of any sort of a weakness in MDC.

tptacekOP6y ago

I feel like we're not reading the same paper. The EFail paper I'm reading has a prominent chart showing which implementations it was possible to break the MDC in, and a section detailing how the MDC can be straightforwardly stripped off messages.

I note that you didn't respond to the rest of my comment.

upofadown6y ago

Yeah, the paper did not claim that the MDC was in any sense "stripped off messages". They instead claimed that the mail clients ignored the MDC error.

>I note that you didn't respond to the rest of my comment.

The TLS stuff? We are just quibbling here. You have an irrational hate of things called PGP. Nothing I can say is going to change that.

Added: You are the one that brought up the MDC stuff but that really is beside the point. The problem here is with the leakage that HTML emails allow. EFAIL would still have nothing to do with PGP even if MDC did not exist.

1 more reply

j / k navigate · click thread line to collapse