Security: Johnny, you are fired!

[dumblob]

🗣 Suggestion

Recently I stumbled upon a paper “Johnny, you are fired!” – Spoofing OpenPGP and S/MIME Signatures in Emails evaluating few similar attack vectors on encrypted email communication. I think it's worth taking a look at as according to their findings (see Table 2 and onward) it seems affect vast majority of MUAs (standalone as well as web ones).

I didn't have time to evaluate Cypht for these vulnerabilities, but I think it should be done :wink:.