Sequoia for example has been doing a great job and implements the latest version of the standard which brings a lot of cryptography up to date

▲

perching_aix 18 hours ago | parent | next [-]

I'm yet to finish watching the talk, but it starts with them confirming the demo fraudulent .iso with sequoia also (they call it out by name), so this really makes me think. :)

	▲	tptacek 18 hours ago \| parent [-]
		Sequioa hasn't fixed the attack from the beginning of the talk, the one where they convert between cleartext and full signature formats and inject unsigned bytes into the output because of the confusion.

▲

akerl_ 17 hours ago | parent | prev [-]

The latest version of a bad standard is still bad.

This page is a pretty direct indicator that GPG's foundation is fundamentally broken: you're not going to get to a good outcome trying to renovate the 2nd story.

▲

singpolyma3 17 hours ago | parent [-]

That's just not true. Nothing in this page is a problem with the standard and everything in this page is the outdated parts of the old standard.

	▲	akerl_ 17 hours ago \| parent [-]
		So then why do a bunch of these affect Sequoia as well?