I’m reading the man page and looking for the place where GPG instructs users not to render plaintext if an MDC isn’t present on a message. Can someone help me find it?
-
I think there’s blame to go around, but exposing unauthenticated plaintext is a vulnerability for a secure messaging SDK, full stop.
-
To be clear, your position is that if *any* API - even undocumented, not exported and only if used incorrectly - can provide access to unauthenticated plaintext, then that is a vulnerability?
-
GPGME has user docs, whereas the status API has some Org mode README in the source distribution. I'm not convinced it's fair to say "it's a vuln if it's hard to use the low-level internal APIs". Is there any library that can't be misused if you access private/internal APIs? 2/2
