Re: Inline-encryption, encryption failure when storing sent mails

diff --git a/19/83f43ff15ddbc1a9abea6f5336d3ddc2f10d5d b/19/83f43ff15ddbc1a9abea6f5336d3ddc2f10d5d
new file mode 100644 (file)
index 0000000..5fb71e0
--- /dev/null
+++ b/19/83f43ff15ddbc1a9abea6f5336d3ddc2f10d5d
@@ -0,0 +1,100 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 4C1BD431FBF\r
+       for <notmuch@notmuchmail.org>; Tue, 18 Feb 2014 10:32:20 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id NZr1DVcseCRE for <notmuch@notmuchmail.org>;\r
+       Tue, 18 Feb 2014 10:32:15 -0800 (PST)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+       by olra.theworths.org (Postfix) with ESMTP id 35134431FBD\r
+       for <notmuch@notmuchmail.org>; Tue, 18 Feb 2014 10:32:15 -0800 (PST)\r
+Received: from fifthhorseman.net (unknown [38.109.115.130])\r
+       by che.mayfirst.org (Postfix) with ESMTPSA id 58423F984\r
+       for <notmuch@notmuchmail.org>; Tue, 18 Feb 2014 13:32:11 -0500 (EST)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+       id EE9702006A; Tue, 18 Feb 2014 13:32:01 -0500 (EST)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: notmuch@notmuchmail.org\r
+Subject: Re: Inline-encryption, encryption failure when storing sent mails\r
+In-Reply-To: <5213A15F.30109@fifthhorseman.net>\r
+References:\r
+ <CAEj42wtJzxjQKCMQKZ3354oEnW5+McxvzLaM4q9Yx19nR6H_mQ@mail.gmail.com>\r
+       <878v02ysfg.fsf@maritornes.cs.unb.ca>   <5213A15F.30109@fifthhorseman.net>\r
+User-Agent: Notmuch/0.17 (http://notmuchmail.org) Emacs/24.3.1\r
+       (x86_64-pc-linux-gnu)\r
+Date: Tue, 18 Feb 2014 13:31:58 -0500\r
+Message-ID: <87lhx8w9up.fsf@alice.fifthhorseman.net>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; boundary="=-=-=";\r
+       micalg=pgp-sha512; protocol="application/pgp-signature"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Tue, 18 Feb 2014 18:32:20 -0000\r
+\r
+--=-=-=\r
+Content-Type: text/plain\r
+\r
+On Tue 2013-08-20 13:03:27 -0400, Daniel Kahn Gillmor wrote:\r
+> I've been meaning to write this up more cleanly, but a summary here will\r
+> have to do for now:\r
+>\r
+> The MIME Content-Type header for an inline-PGP-signed e-mail message is\r
+> not signed.  This means that an attacker can replay a signed message\r
+> while undetectably changing the Content-Type.  One example of such an\r
+> attack is to leave the base Content-Type as text/plain but to switch\r
+> charsets -- the same bytestream can then be interpreted differently.\r
+\r
+I've finally written this up, with a demonstration.  I'm hosting it here\r
+for now:\r
+\r
+   https://dkg.fifthhorseman.net/notes/pgp-inline-harmful/\r
+\r
+i hope this is useful for future discussions about inline PGP.\r
+\r
+Please let me know if you see any problems with the text or if you have\r
+any questions.\r
+\r
+   --dkg\r
+\r
+--=-=-=\r
+Content-Type: application/pgp-signature\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1\r
+\r
+iQJ8BAEBCgBmBQJTA6cfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcObUP/0qWGWThMjijVrjutmFcIcn+\r
+QbFvZlbb5/+BuY+Y90RYjUaVynxsPIKAvzbdvtB0Pl18f9miK3Hyw0VPstS6W6YO\r
+K922vrFfA9VIMNpS7fmTqgmSXHIhQb+4Ap8QKMSi+WQNi3wA3hCvs/BjdMSamMSQ\r
+1GfPkeM7ZtDrW/u5CdzgOYq7d6knksmzMHUoB2kIyXUHbbuqIvlNZDbzrHWRYzIT\r
+AlzzEXTJziW009pqhSZ8SOF1G8O6Ii0ygSf1zURoTzI1cpFFakn6K/bJTiwE6kwQ\r
+GXMV9GsLdKu3t3M5/RKJ4Hmng4nFeI5chr8SUcAYJ28SmUUzLnTAo1hGGKt1cCKl\r
+vV/bF1OP4ddJONcSwIi8ypK8RCdL2UcBP7SXcT+PkhWlr9R5iYtJ1Zk1jjRr6vOB\r
+8yd03tw7KZ5vX3R9QBsZNS2nMzg3V596JhAQCOnTGcTQNYwDYq6f5i+yQvo5ArPb\r
+JMpG8vadK6Hb+oCz9HvrbdGZxMPs61HuiZaSL8WE5k7gIF5KhOaTC09rmQ3eie5H\r
+dycQwxw8zaMlykjUliKP66yMmxWqqiAaoVws+njNMOCxFyqhQomqgNxK3nunoM92\r
+l8HfsbEAq6vMUc246QsTWG9Dl8UFvXiSkFjJrLHVX091p6b2yfTmkm2fDWCQbQqM\r
+uHt5j8YL3NylsLZ5vSFG\r
+=Vsxy\r
+-----END PGP SIGNATURE-----\r
+--=-=-=--\r