[chiglug] EFF: Temporally Stop Using PGP for Encrypted E-mail

eviljoel eviljoel at linux.com
Tue May 15 01:41:16 UTC 2018 

Greetings,

I glossed over that article and they seem to make some good points. I
probably overreacted. There have been critical flaws in SSL/TLS and
nobody recommended you don't do online banking. You just make sure
you've updated to the latest browser.

If you follow the steps in Freddy's e-mail, you are probably fine to
continue using PGP. I guess I retract my prior recommendation. If you
have ever been sent sensitive information, it is especially important
you follow the steps Freddy recommended.

- eviljoel

On 05/14/2018 08:09 PM, sten wrote:
> https://protonmail.com/blog/pgp-vulnerability-efail/
> 
> Protonmail vehemently disagrees, and I think their reasoning is sound.
> 
> 
> 
> 
> 
> 
> -------- Original Message --------
> On May 14, 2018, 20:04, eviljoel < eviljoel at linux.com> wrote:
> 
> 
>     Greetings,
> 
>     There is a newly discovered vulnerability in PGP that allows attackers
>     to decrypted prior messages under certain conditions. The Electronic
>     Frontier Foundation (EFF) is recommending people stop using PGP for
>     encrypted communications until the problem has been fixed and the fix
>     has had time to be adopted by most users. I agree with their
>     recommendation. The EFF describes the vulnerability here:
> 
>     https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know-about-e-fail-and-pgp-flaw-0
> 
>     I kinda disagree with the EFF's tone in this e-mail. While Signal is a
>     great platform for text messaging and instant messaging, it really isn't
>     a replacement for e-mail. PGP encrypted E-mail works better with
>     threaded discussions and doesn't suffer from a single point of failure
>     like Signal does. Coming up with a new, decentralized discussion
>     platform with the same adoption rate of PGP/e-mail will be extremely
>     difficult. I hope that this problem is fixed quickly and doesn't mark
>     the end of PGP e-mail encryption.
> 
>     Sincerely,
>     eviljoel
> 
>     -- 
>     Let me teach you encrypted e-mail. eviljoel's PGP fingerprint:
>     A2BE 2D12 24D1 67CA 8830 DDE7 DFB3 676B 196D 6430
> 
>     _______________________________________________
>     discuss mailing list
>     discuss at lists.chicagolug.org
>     https://lists.chicagolug.org/mailman/listinfo/discuss

-- 
Let me teach you encrypted e-mail. eviljoel's PGP fingerprint:
A2BE 2D12 24D1 67CA 8830  DDE7 DFB3 676B 196D 6430

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: OpenPGP digital signature
URL: <http://lists.chicagolug.org/pipermail/discuss/attachments/20180514/13e66376/attachment-0002.sig>

More information about the discuss mailing list