The rough reaction to the public announcement of EFAIL unfolded several dimensions.
- Some people claimed that this series of vulnerabilities was nothing new because email encryption was dead for years because the protocols use old cryptographic schemes.
- Others were accusing the researchers of putting journalists and political activists at risk by announcing an unpatched vulnerability on protocols they use and need without giving usable solutions.
- There were also many critics about the fact that the researchers gave the vulnerability a name, a website and even a logo, which is certainly useful to publicize the findings but does no good to the security, according to these critical voices.
- There were also more neutral reactions that commented the challenges of such a disclosure.
Debates raged for nearly two weeks in the several online platforms we tracked before slowly fading away.
