Search the Enigmail forums for people who couldn't open their emails after GnuPG made MDCs mandatory (as a reaction to Efail). Especially people with old PGP keys had been receiving non-MDC (SE) ciphertexts since forever. Mozilla's bugzilla (and a bank I heard of) were using non-MDC encryption. Reading the OpenPGP RFC, this is perfectly fine behaviour.
The Efail paper also describes a way to downgrade MDC ciphertexts to SE ciphertexts. This was known since 2015, but not addressed in OpenPGP.
So OpenPGP according to RFC 4880 allows SE packets with no MDC, and the MDC can be stripped away in a standard-conforming way (though with some guessing of bytes). If that isn't a problem with the OpenPGP standard, I don't know what is.
Just weeks after Efail, they made SE packets (those with no MDC) deprecated in the current RFC 4880bis. They were careful to not mention Efail, because it wasn't OpenPGP's fault. For some, it's never OpenPGP's fault.
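To make the SE versus MDC distinction in the comment above concrete, here is an added example (not code from either commenter or from GnuPG) that walks the top-level packet headers of a binary OpenPGP message as laid out in RFC 4880 and reports whether the encrypted container is tag 9 (SE, no MDC) or tag 18 (integrity protected). The function names and the sample bytes are constructed for illustration, and the input is assumed to be unarmored.

```python
# Added example: classify the encryption container of a binary OpenPGP message.
SE, SEIPD = 9, 18  # RFC 4880 tags: Symmetrically Encrypted / Sym. Encrypted Integrity Protected

def _new_length(buf, i):
    """Decode a new-format length at buf[i]; return (length, next_index, partial)."""
    o = buf[i]
    if o < 192:
        return o, i + 1, False
    if o < 224:
        return ((o - 192) << 8) + buf[i + 1] + 192, i + 2, False
    if o == 255:
        return int.from_bytes(buf[i + 1:i + 5], "big"), i + 5, False
    return 1 << (o & 0x1F), i + 1, True  # partial body length, more chunks follow

def packet_tags(buf):
    """Return the tags of the top-level packets in a binary (unarmored) message."""
    tags, i = [], 0
    try:
        while i < len(buf):
            hdr = buf[i]
            if not hdr & 0x80:
                raise ValueError("bit 7 clear: not a packet header at offset %d" % i)
            i += 1
            if hdr & 0x40:  # new-format header
                tag, partial = hdr & 0x3F, True
                while partial:
                    n, i, partial = _new_length(buf, i)
                    i += n
            else:  # old-format header
                tag, ltype = (hdr >> 2) & 0x0F, hdr & 0x03
                if ltype == 3:  # indeterminate length: body runs to end of input
                    i = len(buf)
                else:
                    width = 1 << ltype
                    i += width + int.from_bytes(buf[i:i + width], "big")
            if i > len(buf):
                raise ValueError("truncated packet body")
            tags.append(tag)
    except IndexError:
        raise ValueError("truncated packet header") from None
    return tags

def integrity_status(buf):
    """'SE' if any non-MDC container is present, else 'SEIPD', else 'none'."""
    tags = packet_tags(buf)
    return "SE" if SE in tags else "SEIPD" if SEIPD in tags else "none"

# Constructed samples (dummy bodies): PKESK + SEIPD, and old-format PKESK + SE.
SAMPLE_SEIPD = bytes([0xC1, 3, 0, 0, 0, 0xD2, 5, 1, 0, 0, 0, 0])
SAMPLE_SE = bytes([0x84, 2, 0, 0, 0xA4, 4, 0, 0, 0, 0])
```

A receiving client or gateway that treats the "SE" result as a hard failure applies the same policy as the mandatory-MDC change mentioned above.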
>Actually this is not related to the mentioned CVE because the issue we are talking about has not been tested by them.
So it appears that the EFAIL people could have prevented MDC from thwarting their attack if they had used a really old cypher. So, OK, I will concede that EFAIL at least inspired a change in GPG. My original statement that GPG required no changes as a result of EFAIL is still correct as stated though.
We are still quibbling here. I don't think that S/MIME was deficient in any way with respect to EFAIL either. So all this discussion about MDC is still pointless to me.