<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<div class="moz-cite-prefix">On 5/15/18 11:46 AM, Rick Hornsby
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAP--A0kiRWt7UJDKH1EygUrcHdTcqErS8u2YOp6oxOkN=3hk9Q@mail.gmail.com">
<style>body{font-family:Helvetica,Arial;font-size:13px}</style>
<div id="bloop_customfont"
style="font-family:Helvetica,Arial;font-size:13px;color:rgba(0,0,0,1.0);margin:0px;line-height:auto"><br>
</div>
<div id="bloop_sign_1526398786175086848" class="bloop_sign">On May
14, 2018 at 6:29:13 PM, Roberto C. Sánchez (<a
href="mailto:roberto@connexer.com" moz-do-not-send="true">roberto@connexer.com</a>)
wrote:</div>
<div>
<blockquote type="cite" class="clean_bq"
style="font-family:Helvetica,Arial;font-size:13px;font-style:normal;font-variant-caps:normal;font-weight:normal;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;text-decoration:none"><span>
<div>
<div>On Mon, May 14, 2018 at 02:26:16PM -0700, Rick
Hornsby wrote:<br>
><span class="Apple-converted-space"> </span><br>
> It feels like we’re dealing with the same thing.
Unless GPG has some kind<br>
> of code exploitation bug or built-in scripting
engine that’s being abused,<br>
> I’m having difficulty finding fault with GPG here.<br>
><span class="Apple-converted-space"> </span><br>
I agree. EFF's reaction to this and their recommendation
seem far off<br>
base and out of step with what I have come to expect of
them. Anybody<br>
who is serious about security is already aware of the
dangers of HTML<br>
(you summarized the issues nicely in your message,
though I did not<br>
quote it here).</div>
</div>
</span></blockquote>
</div>
</blockquote>
I agree. CERT seems to have it right and calls it an email client
vulnerability.<br>
<br>
<a class="moz-txt-link-freetext" href="https://www.kb.cert.org/vuls/id/122919">https://www.kb.cert.org/vuls/id/122919</a><br>
<br>
</body>
</html>