1 Return-Path: <dkg@fifthhorseman.net>
\r
2 X-Original-To: notmuch@notmuchmail.org
\r
3 Delivered-To: notmuch@notmuchmail.org
\r
4 Received: from localhost (localhost [127.0.0.1])
\r
5 by olra.theworths.org (Postfix) with ESMTP id 52015431E84
\r
6 for <notmuch@notmuchmail.org>; Tue, 20 Aug 2013 10:03:37 -0700 (PDT)
\r
7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
\r
11 X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
\r
13 Received: from olra.theworths.org ([127.0.0.1])
\r
14 by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
\r
15 with ESMTP id F5LycRLwAveK for <notmuch@notmuchmail.org>;
\r
16 Tue, 20 Aug 2013 10:03:32 -0700 (PDT)
\r
17 Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
\r
18 by olra.theworths.org (Postfix) with ESMTP id 72388431E62
\r
19 for <notmuch@notmuchmail.org>; Tue, 20 Aug 2013 10:03:32 -0700 (PDT)
\r
20 Received: from [192.168.13.198] (lair.fifthhorseman.net [108.58.6.98])
\r
21 by che.mayfirst.org (Postfix) with ESMTPSA id 7B8F4F984
\r
22 for <notmuch@notmuchmail.org>; Tue, 20 Aug 2013 13:03:28 -0400 (EDT)
\r
23 Message-ID: <5213A15F.30109@fifthhorseman.net>
\r
24 Date: Tue, 20 Aug 2013 13:03:27 -0400
\r
25 From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
\r
26 User-Agent: Mozilla/5.0 (X11; Linux x86_64;
\r
27 rv:17.0) Gecko/20130630 Icedove/17.0.7
\r
29 To: notmuch@notmuchmail.org
\r
30 Subject: Re: Inline-encryption, encryption failure when storing sent mails
\r
32 <CAEj42wtJzxjQKCMQKZ3354oEnW5+McxvzLaM4q9Yx19nR6H_mQ@mail.gmail.com>
\r
33 <878v02ysfg.fsf@maritornes.cs.unb.ca>
\r
34 In-Reply-To: <878v02ysfg.fsf@maritornes.cs.unb.ca>
\r
35 X-Enigmail-Version: 1.5.1
\r
36 Content-Type: multipart/signed; micalg=pgp-sha512;
\r
37 protocol="application/pgp-signature";
\r
38 boundary="----enig2HECLHCUIJSUIIGXLDODV"
\r
39 X-BeenThere: notmuch@notmuchmail.org
\r
40 X-Mailman-Version: 2.1.13
\r
42 List-Id: "Use and development of the notmuch mail system."
\r
43 <notmuch.notmuchmail.org>
\r
44 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
\r
45 <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
\r
46 List-Archive: <http://notmuchmail.org/pipermail/notmuch>
\r
47 List-Post: <mailto:notmuch@notmuchmail.org>
\r
48 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
\r
49 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
\r
50 <mailto:notmuch-request@notmuchmail.org?subject=subscribe>
\r
51 X-List-Received-Date: Tue, 20 Aug 2013 17:03:37 -0000
\r
53 This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
\r
54 ------enig2HECLHCUIJSUIIGXLDODV
\r
55 Content-Type: text/plain; charset=UTF-8
\r
56 Content-Transfer-Encoding: quoted-printable
\r
58 On 08/16/2013 04:02 AM, David Bremner wrote:
\r
59 > Simon Hirscher <public@simonhirscher.de> writes:
\r
61 >> 1. Support for inline-encryption As far as I can see, so far only
\r
62 >> encrypted mails with PGP/MIME are supported. Couldn't notmuch also
\r
63 >> support text/plain messages that contain PGP-encrypted messages by
\r
64 >> scanning for "^-----BEGIN\ PGP\ (SIGNED\ )?MESSAGE"? =E2=80=93 as sugg=
\r
66 >> a previous message to this mailing list
\r
67 >> (id:87zl3az8mm.fsf@lillypad.riseup.net; web view:
\r
69 > If someone feels inspired to work on this, maybe=20
\r
71 > notmuch-wash-convert-inline-patch-to-part
\r
73 > (in notmuch-watch.el) might be a reasonable place to start.
\r
75 if anyone does feel inclined to work on this, please consider that
\r
76 dealing cleanly an inline-signed message has a number of serious
\r
77 problems, not least of which is the Content-Type.
\r
79 I've been meaning to write this up more cleanly, but a summary here will
\r
82 The MIME Content-Type header for an inline-PGP-signed e-mail message is
\r
83 not signed. This means that an attacker can replay a signed message
\r
84 while undetectably changing the Content-Type. One example of such an
\r
85 attack is to leave the base Content-Type as text/plain but to switch
\r
86 charsets -- the same bytestream can then be interpreted differently.
\r
88 For example, depending on the charset, the same bytestream can be
\r
91 The rental is =E2=82=AC13/week for unit 7.
\r
97 The rental is =C2=A3=D7=9113/week for unit 7.
\r
99 [charset=3Diso-8859-8]
\r
101 since 1GBP =3D 1.17EUR, this represents a change of 17% in the value of
\r
102 the signed message while retaining the signature's validity :P
\r
104 Given that you don't have cryptographically-reliable Content-Type
\r
105 information, will you be comfortable indicating that the message is
\r
108 Also, inline-signed messages may not span the entire part. That is, a
\r
109 message could have a bit of unsigned text above or below the
\r
110 inline-signature. The current user-facing UI in notmuch-emacs indicates
\r
111 whether each part is individually signed or not. How would
\r
112 notmuch-emacs indicate reliably to the user that only a portion of the
\r
115 In short: inline PGP is a mess, and existing implementations which try
\r
116 to cope with it have severe shortcomings. I'd rather avoid introducing
\r
117 new types of failure to notmuch.
\r
122 ------enig2HECLHCUIJSUIIGXLDODV
\r
123 Content-Type: application/pgp-signature; name="signature.asc"
\r
124 Content-Description: OpenPGP digital signature
\r
125 Content-Disposition: attachment; filename="signature.asc"
\r
127 -----BEGIN PGP SIGNATURE-----
\r
128 Version: GnuPG v1.4.14 (GNU/Linux)
\r
129 Comment: Using GnuPG with Icedove - http://www.enigmail.net/
\r
131 iQJ8BAEBCgBmBQJSE6FfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
\r
132 ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB
\r
133 NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpc6O4P/1mDlyMjavqICRYT78ssI0dC
\r
134 NU6Oc70NE2b6xkjpsM5xwitYy4Cr0x4z/invb02Du/gJ4soZmGEyeouj9yrjuqOc
\r
135 PEQiXEFesUvoWxvFkS+WUAv56J3ZUVx487Ae6UUMI6b8Yy49gYTZKJ4E0R8dhHXg
\r
136 BFFy7H4X04GHwTgWEQ+P3Qbkf2cXd1BODfT/TvKK4ewlnl8AsQOVc8S0oeuO7Ql9
\r
137 7bIDK6MX/g7Spv+h6DyZhpgcVJUw81CQcN6Pzvrja4VgbKMQ6dHZbvYgA+k3EZHc
\r
138 ghMskJh9KIodkdx8L4DbqC3n/WpKfGVAmXJe8t4uq4n9LL4VfZxOya8aGdGhSiUJ
\r
139 ZeHkmw3GP8AnomMUHAXqfrdMR/LKi7rHxE/OM+AoT9rim7fpCmSqbmBuFeyGIIzD
\r
140 iTiodsJ8Z3vQ9iK50dNJcUJnWTRQnePHBCRv888al491G2hzDRq+rFy4ybQupA0G
\r
141 7QNeVTBNdCvWkbj9imNS+8VSUd7wKU5AkQr51iJw9vXjF3fcg1wTCMGaITv6w9hV
\r
142 yVtPD8wQ88Mvx/tmbMpe0a/weQWN/HDl9w/0KzPlshetmzwe+HAiWxNgjmi7ICFh
\r
143 4FsFBgKqZnYIsz+FyLGJeCYn4pzCXBMrJZgjqB7WJ8dHVfUwEQBlmtPS28VR0xER
\r
144 ioh50g9CtLuQUI44ujnV
\r
146 -----END PGP SIGNATURE-----
\r
148 ------enig2HECLHCUIJSUIIGXLDODV--
\r