undefined | Better HN

0 pointsupofadown6y ago0 comments

Yeah, the paper did not claim that the MDC was in any sense "stripped off messages". They instead claimed that the mail clients ignored the MDC error.

>I note that you didn't respond to the rest of my comment.

The TLS stuff? We are just quibbling here. You have an irrational hate of things called PGP. Nothing I can say is going to change that.

Added: You are the one that brought up the MDC stuff but that really is beside the point. The problem here is with the leakage that HTML emails allow. EFAIL would still have nothing to do with PGP even if MDC did not exist.

0 comments

2 comments · 1 top-level

seecurity6y ago· 1 in thread

Search the Enigmail forums for people who couldn't open their emails after GnuPG made MDCs mandatory (as a reaction of Efail). Especially people with old PGP keys were receiving non-MDC (SE) ciphertexts since ever. Mozilla's bugzilla (and a bank I heart of) were using non-MDC encryption. Reading the OpenPGP RFC, this is perfectly fine behaviour.

The Efail paper also describes a way to downgrade MDC ciphertexts to SE ciphertexts. This was known since 2015, but not addressed in OpenPGP.

So OpenPGP according to RFC 4880 allows SE packets with no MDC, and the MDC can be stripped away in a standard conforming way (tho with some guessing of bytes). If that isn't a problem with the OpenPGP standard, I don't know what is.

Just weeks after Efail, they made SE packets (those with no MDC) deprecated in the current RFC 4880bis. They were careful to not mention Efail, because it wasn't OpenPGP's fault. For some, it's never OpenPGP's fault.

upofadownOP6y ago

Interesting. I was not aware of this particular issue. Is this it?

* https://dev.gnupg.org/T3981

As mentioned in the discussion:

>Actually this is not related to the mentioned CVE because the issue we are talking about has not been tested by them.

So it appears that the EFAIL people could of prevented MDC from thwarting their attack if they had used a really old cypher. So, OK I will concede that EFAIL at least inspired a change in GPG. My original statement that GPG required no changes as a result of EFAIL is still correct as stated though.

We are still quibbling here. I don't think that S/MIME was deficient in any way with respect to EFAIL either. So all this discussion about MDC is still pointless to me.

j / k navigate · click thread line to collapse