[Cryptography] Attacks on PGP (and allegedly S/MIME)

[Peter Gutmann]

Jerry Leichter <leichter at lrw.com> writes:

>If you look at this more closely, there's a fundamental violation of basic 
>cryptographic principles involved here.  Think of the old red (unencrypted 
>"secret" world)/black (encrypted "sanitized" world) distinction.  It was in 
>the past often implemented as actual physical separation:  "Red" material 
>could only be accessed within a secure, isolated facility.  All that could 
>flow in and out of that facility was "black" material.

Just to confound things even further, the "encrypt everything" approach makes
this even worse.  If you've only got sensitive, valuable email traffic 
encrypted then you can afford to be careful with it, refuse to auto-render
HTML, follow links, and so on.  However, if every piece of HTML-encrusted
gunk that turns up is also encrypted, you can no longer tell whether it's
something you want to isolate or not, and if you do isolate everything users 
will switch to a different mailer that "works", in the sense that it 
displays the HTML-encrusted gunk as intended.

Peter.