Security Medium (via Scribe)

An Efail postmortem   ↦

Efail caused a panic at the disco:

… some researchers in Europe published a paper with the bombshell title “Efail: Breaking S/MIME and OpenPGP Email Encryption using Exfiltration Channels.” There were a lot of researchers on that team but in the hours after release Sebastian Schinzel took the point on Twitter for the group.

Oh, my, did the email crypto world blow up. The following are some thoughts that have benefited from a few days for things to settle.

Lots of interesting insights here, perhaps most controversially how the EFF’s handling of the situation may have done more harm than good in the author’s opinion. Also:

we could stand to have a renewed appreciation for OpenPGP’s importance to not just email crypto, but the global economy.

I can say I definitely have more appreciation for it after reading this than I did before. I hadn’t thought about its influence (which is huge) outside of encrypted email.


Discussion

Sign in or Join to comment or subscribe

Player art
  0:00 / 0:00