Follow

Technical background for end-to-end crypto emails: Cryptographic Message Syntax (CMS) is to S/MIME what OpenPGP is to OpenPGP/MIME. Those are the two major open standards. But on May 2018 most S/MIME clients were found to be vulnerable to a Cipher Block Chaining (CBC) malleability-gadget attack (CVE-2017-17689) for unsigned mails, because they did not use modern CMS variants specs. One takeway: Sign all your encrypted emails. Don't load external contents.

Sign in to participate in the conversation
Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!