ietf-openpgp
[Top] [All Lists]

Re: [openpgp] Spoofing OpenPGP and S/MIME Signatures in Emails

2019-05-04 14:49:21
Yes, GPGME does not conflate the status and logging output stream, and
thus is not vulnerable to this attack.

On 5/4/19 1:08 PM, Albrecht Dreß wrote:
Hi,

thanks a lot for your great work!

Just an additional question regarding the “GPG Api” attacks – can we
assume that all applications using gpgme (like Balsa,
<https://pawsa.fedorapeople.org/balsa/>) to talk to gpg are not
vulnerable regarding this attack class, as the lib handles cases G1 and
G2 properly?

Thanks,
Albrecht.

On 30.04.19 14:29, ilf wrote:
https://github.com/RUB-NDS/Johnny-You-Are-Fired
https://raw.githubusercontent.com/RUB-NDS/Johnny-You-Are-Fired/master/paper/johnny-fired.pdf

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp


-- 
Dipl.-Math. Marcus Brinkmann

Lehrstuhl für Netz- und Datensicherheit
Ruhr Universität Bochum
Universitätsstr. 150, Geb. ID 2/461
D-44780 Bochum

Telefon: +49 (0) 234 / 32-25030
http://www.nds.rub.de/chair/people/mbrinkmann

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

<Prev in Thread] Current Thread [Next in Thread>