Attacking end-to-end email encryption [video] (ccc.de)
70 points by DyslexicAtheist on Dec 29, 2018 | 3 comments



"Be careful about pre-announcements because people will overrate the risk". It does not help their case when the pre-announcement is done through EFF that essentially says "GPG is broken". This is a horrendous strategy and only spreads false information. They did this. They are these "people" they are talking about.

They are still downplaying the partial disclosure with EFF. That is disappointing, and complaining about GnuPG breaking the embargo, after the partial disclosure, is nothing but a red herring. Further projects started talking about the details regardless as the EFF partial disclosure was horrendous.


A short redaction from this comment. I met up with Sebastian at 35C3 and we talked about it. We don't really disagree. He talked about their motivation for doing it in the first place, along with the larger community backlash and lessons learned.


I have no idea what you're trying to say here. If GnuPG's handling of this incident is a "red herring", you certainly haven't explained how. Here, again, is the timeline of what actually happened during the Efail disclosure process:

http://flaked.sockpuppet.org/2018/05/16/a-unified-timeline.h...

"Partial disclosures" are problematic because people guess vulnerabilities from clues in the disclosure. But that's not what happened here. Instead, GnuPG appears to have (1) overly broken the embargo by circulating copies of the paper pre-release and (2) despite failing to honor the embargo, not even getting its own team access to the paper sufficient to fix the problem. Neither of those are problems due to "partial disclosure".



