From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!.POSTED!not-for-mail From: Joost Kremers Newsgroups: gmane.emacs.devel Subject: Re: Emacs/Mutt and Efail or OpenPGP is safer than S/MIME? Date: Wed, 16 May 2018 21:52:40 +0200 Message-ID: <87603ns7hz.fsf@fastmail.fm> References: <878t8lfgu3.fsf@mat.ucm.es> <83o9hfk311.fsf@gnu.org> <87lgcjo736.fsf@igel.home> <831sebjyb2.fsf@gnu.org> NNTP-Posting-Host: blaine.gmane.org Mime-Version: 1.0 Content-Type: text/plain; format=flowed X-Trace: blaine.gmane.org 1526500250 20926 195.159.176.226 (16 May 2018 19:50:50 GMT) X-Complaints-To: usenet@blaine.gmane.org NNTP-Posting-Date: Wed, 16 May 2018 19:50:50 +0000 (UTC) User-Agent: mu4e 1.1.0; emacs 25.3.50.1 Cc: oub@mat.ucm.es, Andreas Schwab , rms@gnu.org, emacs-devel@gnu.org To: Eli Zaretskii Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Wed May 16 21:50:46 2018 Return-path: Envelope-to: ged-emacs-devel@m.gmane.org Original-Received: from lists.gnu.org ([208.118.235.17]) by blaine.gmane.org with esmtp (Exim 4.84_2) (envelope-from ) id 1fJ2Rh-0005K2-Gs for ged-emacs-devel@m.gmane.org; Wed, 16 May 2018 21:50:45 +0200 Original-Received: from localhost ([::1]:37105 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fJ2To-0003ik-NE for ged-emacs-devel@m.gmane.org; Wed, 16 May 2018 15:52:56 -0400 Original-Received: from eggs.gnu.org ([2001:4830:134:3::10]:40317) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1fJ2Th-0003ht-Eh for emacs-devel@gnu.org; Wed, 16 May 2018 15:52:50 -0400 Original-Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1fJ2Tg-0003Ek-KA for emacs-devel@gnu.org; Wed, 16 May 2018 15:52:49 -0400 Original-Received: from out1-smtp.messagingengine.com ([66.111.4.25]:56585) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32) (Exim 4.71) (envelope-from ) id 1fJ2Td-0003CX-8t; Wed, 16 May 2018 15:52:45 -0400 Original-Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 6D004221E1; Wed, 16 May 2018 15:52:43 -0400 (EDT) Original-Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Wed, 16 May 2018 15:52:43 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= cc:content-type:date:from:in-reply-to:message-id:mime-version :references:subject:to:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; bh=AgqQRtZBgKHUxMURyrmXUpdhqI4AMoWmp6FUTW755T8=; b=L9HM8Fql y0yfGuKwRlP5oBoG2bDjR5nMthIW9ppZnkQTYm5Q7C5jrRZJwmkERkgLSP2dGtqK AvSp2c2pyGThfD22LwVQBENLV2esKy1h/6rEjINU3IklbkXbhY4lAOJuZ9avZljV gzaO0lQCZ6nzA2p2bJDVL7DPewn9C85LUzxSL/oKUqiWIZZlSVjH+7qycqAn8iGv xrYjtYhJ6dJiN1yMar0K6PmNKTEKSEse3B6tLQNXwYiWwJ/eMqYNTogAxNA4D+nb g4x3Jxfq2rwL48j7LB/q1InmX3tdeDLUR2FXi+R+oadv3gy9gVCMdBJWeKf1g6dO Wjl8FtkKr3PrZg== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-sender :x-me-sender:x-sasl-enc; s=fm2; bh=AgqQRtZBgKHUxMURyrmXUpdhqI4AM oWmp6FUTW755T8=; b=ZYo8ZgQC3frhFcg0z3Edh6k4jrLUJ197lmaKzNsYsIS9R +B1y/vrmf7SYck6kcbXzc161/DNzxeIN7uZmqIfu0kue1lVi9EdvMGETFoyIOIdc bXyN8kSniiyJq91zsqJix643F1b3bhXLIzLyHQnTOljgN8RpP8phgXGZ9GuAs1oa rbKCdjbBAbEtGjU2tTb7xdxZSBOikHoYCH7gb10R3W2BBXfRMJ/e7jx9mmUD7V5D ZgthSmWsCeW10tdBIgLTf4ILmwwvP/2PYLvQ3MU5AljcsQuCRxnGDb87iioIvsmT c4njA7n96zQhEvhJEzyOB67luDiNBK4+f19gIMxtw== X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Proxy: X-ME-Sender: Original-Received: from IdeaPad.fastmail.com (dslb-084-063-252-129.084.063.pools.vodafone-ip.de [84.63.252.129]) by mail.messagingengine.com (Postfix) with ESMTPA id 7B3761025D; Wed, 16 May 2018 15:52:42 -0400 (EDT) In-reply-to: <831sebjyb2.fsf@gnu.org> X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] [fuzzy] X-Received-From: 66.111.4.25 X-BeenThere: emacs-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: "Emacs development discussions." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane.org@gnu.org Original-Sender: "Emacs-devel" Xref: news.gmane.org gmane.emacs.devel:225349 Archived-At: On Wed, May 16 2018, Eli Zaretskii wrote: > (And private/secret correspondence shouldn't include such > external > references in the first place, IMHO.) Sure, but if I understand EFAIL correctly, it's not about you or your interlocutor including external references into encrypted emails. It's about an attacker sending you a carefully crafted malicious email that contains the encrypted version of another email that you once sent or received and which the attacker got a hold of (e.g., by gaining access to your ISP's mail server, or by intercepting it while in transit, or whatever). It's this malicious email that contains external references, not your original email that the attacker is trying to decrypt. At least, that's my limited understanding of the issue... -- Joost Kremers Life has its moments