nanog mailing list archives
Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent
From: Mike Hammett <nanog () ics-il net>
Date: Tue, 15 May 2018 07:43:35 -0500 (CDT)
Encrypted e-mail is so incredibly niche, this won't affect almost everyone. ----- Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com ----- Original Message ----- From: "George William Herbert" <george.herbert () gmail com> To: nanog () nanog org Sent: Monday, May 14, 2018 2:43:25 AM Subject: Email security: PGP/GPG & S/MIME vulnerability drop imminent This is likely bad enough operators need to pay attention. @seecurity tweeted: "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4" Thread starts here: https://twitter.com/seecurity/status/995906576170053633?s=21 I have no particular insight into what it is other than presuming from thread that decryption can be tricked to do bad things. They recommend temporary disabling downthread: "There are currently no reliable fixes for the vulnerability. If you use PGP/GPG or S/MIME for very sensitive communication, you should disable it in your email client for now. Also read @EFF’s blog post on this issue: eff.org/deeplinks/2018… #efail 2/4" -george Sent from my iPhone
Current thread:
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent, (continued)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Stephen Satchell (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Alan Buxey (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Hunter Fuller (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Rob McEwen (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Jim Shankland (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent nanog (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent bzs (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Mark Rousell (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Octavio Alvarez (May 16)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent John Levine (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Max Tulyev (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent John Levine (May 15)
- Re: Email security: PGP/GPG & S/MIME vulnerability drop imminent Max Tulyev (May 15)