[PATCH v2 1/2] test: Replying to an HTML-only message in emacs

[notmuch-archives.git] / fd / 6f5b15505316b5b45b1c8e90289a5bf6ebe981

Return-Path: <dkg@fifthhorseman.net>\r
X-Original-To: notmuch@notmuchmail.org\r
Delivered-To: notmuch@notmuchmail.org\r
Received: from localhost (localhost [127.0.0.1])\r
        by olra.theworths.org (Postfix) with ESMTP id C2296431FD0\r
        for <notmuch@notmuchmail.org>; Wed, 22 Dec 2010 11:11:46 -0800 (PST)\r
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
X-Spam-Flag: NO\r
X-Spam-Score: 0.001\r
X-Spam-Level: \r
X-Spam-Status: No, score=0.001 tagged_above=-999 required=5\r
        tests=[UNPARSEABLE_RELAY=0.001] autolearn=disabled\r
Received: from olra.theworths.org ([127.0.0.1])\r
        by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
        with ESMTP id f+Oftu6BPL9u for <notmuch@notmuchmail.org>;\r
        Wed, 22 Dec 2010 11:11:45 -0800 (PST)\r
Received: from rodolpho.mayfirst.org (mail.freitas.net [209.234.253.107])\r
        (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))\r
        (No client certificate requested)\r
        by olra.theworths.org (Postfix) with ESMTPS id D3EA8431FB6\r
        for <notmuch@notmuchmail.org>; Wed, 22 Dec 2010 11:11:45 -0800 (PST)\r
Received: from localhost (localhost [127.0.0.1])\r
        by rodolpho.mayfirst.org (Postfix) with ESMTP id 5C3BE3CD84;\r
        Wed, 22 Dec 2010 14:11:43 -0500 (EST)\r
X-Virus-Scanned: Debian amavisd-new at rodolpho.mayfirst.org\r
Received: from rodolpho.mayfirst.org ([127.0.0.1])\r
        by localhost (rodolpho.mayfirst.org [127.0.0.1]) (amavisd-new,\r
        port 10024)\r
        with ESMTP id KaEv+VNvA7Zj; Wed, 22 Dec 2010 14:11:43 -0500 (EST)\r
Received: from [127.0.0.1] (localhost [127.0.0.1]) (Authenticated sender:\r
        smtpauth@rodolpho.mayfirst.org) with ESMTPSA id 1736C3CD72\r
Message-ID: <4D124D68.6060300@fifthhorseman.net>\r
Date: Wed, 22 Dec 2010 14:11:36 -0500\r
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US;\r
        rv:1.9.2.12) Gecko/20101110 Icedove/3.1.6\r
MIME-Version: 1.0\r
To: Sebastian Spaeth <Sebastian@SSpaeth.de>\r
Subject: Re: PGP/MIME signature verification\r
References: <4CF15D67.1070904@fifthhorseman.net>\r
        <87aak08fu8.fsf@servo.finestructure.net>\r
        <87zkrz314j.fsf@SSpaeth.de> <4D10C97C.7060602@fifthhorseman.net>\r
        <87mxnx3mb9.fsf@SSpaeth.de>\r
In-Reply-To: <87mxnx3mb9.fsf@SSpaeth.de>\r
X-Enigmail-Version: 1.1.2\r
OpenPGP: id=D21739E9\r
Content-Type: multipart/signed; micalg=pgp-sha512;\r
        protocol="application/pgp-signature";\r
        boundary="------------enig83760AE24DDB8E65EA18B507"\r
Cc: notmuch <notmuch@notmuchmail.org>\r
X-BeenThere: notmuch@notmuchmail.org\r
X-Mailman-Version: 2.1.13\r
Precedence: list\r
Reply-To: notmuch <notmuch@notmuchmail.org>\r
List-Id: "Use and development of the notmuch mail system."\r
        <notmuch.notmuchmail.org>\r
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
List-Post: <mailto:notmuch@notmuchmail.org>\r
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
X-List-Received-Date: Wed, 22 Dec 2010 19:11:46 -0000\r
\r
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)\r
--------------enig83760AE24DDB8E65EA18B507\r
Content-Type: text/plain; charset=UTF-8\r
Content-Transfer-Encoding: quoted-printable\r
\r
On 12/22/2010 09:38 AM, Sebastian Spaeth wrote:\r
>>> "sigstatus": [{"status": "error","keyid": "ED34CEABE27BAABC", "errors=\r
":\r
>>> 2}]\r
>>> (perhaps due to me not having your key???)\r
>>\r
>> yup, that is why you get that error.\r
>=20\r
> Is there a possibility to squeeze a nicer error message out of it? :-)\r
\r
that's a good question -- i'm not sure libgmime gives us much else to\r
work with (it is itself calling out to gpg, which in turn might not give\r
*it* much to work with), but i'll see if there's anything we can do\r
about that.\r
\r
One potential concern with this kind of reporting is that (due to the\r
dirty details of the OpenPGP data signature format), differentiating\r
"you don't have this key in your keyring" from "you have this key, but\r
the signature is bad" is not fully possible.\r
\r
For those who want the details:\r
\r
 0) an OpenPGP signature contains the signature data itself, plus an\r
indicator of what key made the signature (the "issuer"):\r
\r
  https://tools.ietf.org/html/rfc4880#section-5.2.3.5\r
\r
 1) The indicator is the lower 64-bits of the OpenPGP fingerprint of the\r
signing key.\r
\r
 2) OpenPGP fingerprints themselves are SHA-1 sums of (some fiddly\r
concatenation of) the creation time of the key and the public key\r
material itself:\r
\r
  https://tools.ietf.org/html/rfc4880#section-12.2\r
\r
However, the 64 bits of the key ID (while longer than the 32-bit pattern\r
commonly expressed like "0xDEADBEEF") isn't really a big-enough search\r
space to resist collision attacks by moderately-well-resourced adversarie=\r
s.\r
\r
That is, it's currently possible to have a computer farm powerful enough\r
to crank through the search space to create a valid OpenPGP key with any\r
chosen 64-bit key ID.\r
\r
So if Alice has her legitimate key with key ID 0x0000DECAFBAD0000, and\r
Eve has a big computer, Eve can create a new OpenPGP key with the same\r
Key ID.  If Eve convinces Bob to load her own key into his keyring, then\r
what happens when Bob receives a signed message from Alice?\r
\r
Bob's verifier will look at the message, see that it's signed by a key\r
with key ID 0x0000DECAFBAD0000, and then check the signature against his\r
copy of Eve's key.  But the signature doesn't verfiy!  This is actually\r
because Bob doesn't have Alice's key, of course, but his client has no\r
way of knowing that -- it just sees that it has a matching key that\r
doesn't verify.\r
\r
So an attacker can convert a "you don't have this key" to a "you have\r
this key but the signature doesn't validate" without even tampering with\r
the message in transit (of course, an attacker who can tamper with the\r
message in transit can *also* make a signature fail to validate, just by\r
flipping a bit or two in either the message or the signature).\r
\r
(note: don't despair!  the full 160-bit OpenPGP fingerprint space is not\r
currently under threat; only the 64-bit "key ID" has the above problem,\r
given our current understanding of cryptanalysis and the power of our\r
computing hardware).\r
\r
        --dkg\r
\r
\r
--------------enig83760AE24DDB8E65EA18B507\r
Content-Type: application/pgp-signature; name="signature.asc"\r
Content-Description: OpenPGP digital signature\r
Content-Disposition: attachment; filename="signature.asc"\r
\r
-----BEGIN PGP SIGNATURE-----\r
Version: GnuPG v1.4.11 (GNU/Linux)\r
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/\r
\r
iQIcBAEBCgAGBQJNEk1oAAoJEMzS7ZTSFznpwtoP/2oWg6zfUJQ5+WLTr7hIGaax\r
anJLrexylzLczEZ0BVlA+m+v3YGGkXDaU+VMFqsjHQMvEoCiIuGcrj53NQV4ICbj\r
s18FjTepjkr3/x+3Xseug1afDc6+DG80+fXyUUEkLpuvCJwA1zdcn8fu/Jl/fgsA\r
tgGU7q/lv4HoMH3kQB3t6i4cFaOwk4W4NySqVWjuS06+7DXqLBmZ5Pe8/2vB6dic\r
zmr/j/W4waDBK9wkqZ4YAfwrABaKuvCfT367/0tYKKPDpG7XPnkbuaVNleUXoT4c\r
4tLp0MAV0Wgn331jrqT7w1Yh37ZaR2usAJ0WICi62F3yQkeB95XcfOVxmEcrgzdj\r
EA6qGi/9P0x559SvLMW/+e4KaniaC18aHNwSU7rP4D942d16hDpukyvOrey9+5BB\r
g1J3Lu581J5/MoUka0LuxebiqqdOXWzNbV9AETYx7drqMx7RrgiIfffE9etjlYPA\r
pqr3JZf4PLeF+aFqWtMjmLH9P6hlEbolnzqoL/QXNAzFjuE6fqI/R8rQNo3UD6r9\r
R7oGbr3LDCDs0GDOv1UEq3CBJ8P5VsPdAAcqn2xM2Foyc6A0v8mfr0XfMWfKesFA\r
xDIApjmNA/8i5v25XwWSs/EYyEqub6ndKnfvE/pbjn6TwzvwKixktCID4MgaptzK\r
SDe0fT0MN+NeK+sDJ1dN\r
=XwoT\r
-----END PGP SIGNATURE-----\r
\r
--------------enig83760AE24DDB8E65EA18B507--\r