Re: Inline-encryption, encryption failure when storing sent mails
author Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 20 Aug 2013 17:03:27 +0000 (13:03 +2000)
committer W. Trevor King <wking@tremily.us>
Fri, 7 Nov 2014 17:56:30 +0000 (09:56 -0800)
b1/19aa142fbf7a5cff92563e096cb4454cd70c4a [new file with mode: 0644]

diff --git a/b1/19aa142fbf7a5cff92563e096cb4454cd70c4a b/b1/19aa142fbf7a5cff92563e096cb4454cd70c4a
new file mode 100644 (file)
index 0000000..a96c869
--- /dev/null
@@ -0,0 +1,148 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 52015431E84\r
+       for <notmuch@notmuchmail.org>; Tue, 20 Aug 2013 10:03:37 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id F5LycRLwAveK for <notmuch@notmuchmail.org>;\r
+       Tue, 20 Aug 2013 10:03:32 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+       by olra.theworths.org (Postfix) with ESMTP id 72388431E62\r
+       for <notmuch@notmuchmail.org>; Tue, 20 Aug 2013 10:03:32 -0700 (PDT)\r
+Received: from [192.168.13.198] (lair.fifthhorseman.net [108.58.6.98])\r
+       by che.mayfirst.org (Postfix) with ESMTPSA id 7B8F4F984\r
+       for <notmuch@notmuchmail.org>; Tue, 20 Aug 2013 13:03:28 -0400 (EDT)\r
+Message-ID: <5213A15F.30109@fifthhorseman.net>\r
+Date: Tue, 20 Aug 2013 13:03:27 -0400\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+User-Agent: Mozilla/5.0 (X11; Linux x86_64;\r
+       rv:17.0) Gecko/20130630 Icedove/17.0.7\r
+MIME-Version: 1.0\r
+To: notmuch@notmuchmail.org\r
+Subject: Re: Inline-encryption, encryption failure when storing sent mails\r
+References:\r
+ <CAEj42wtJzxjQKCMQKZ3354oEnW5+McxvzLaM4q9Yx19nR6H_mQ@mail.gmail.com>\r
+       <878v02ysfg.fsf@maritornes.cs.unb.ca>\r
+In-Reply-To: <878v02ysfg.fsf@maritornes.cs.unb.ca>\r
+X-Enigmail-Version: 1.5.1\r
+Content-Type: multipart/signed; micalg=pgp-sha512;\r
+       protocol="application/pgp-signature";\r
+       boundary="----enig2HECLHCUIJSUIIGXLDODV"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Tue, 20 Aug 2013 17:03:37 -0000\r
+\r
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)\r
+------enig2HECLHCUIJSUIIGXLDODV\r
+Content-Type: text/plain; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+On 08/16/2013 04:02 AM, David Bremner wrote:\r
+> Simon Hirscher <public@simonhirscher.de> writes:\r
+>=20\r
+>> 1. Support for inline-encryption As far as I can see, so far only\r
+>> encrypted mails with PGP/MIME are supported. Couldn't notmuch also\r
+>> support text/plain messages that contain PGP-encrypted messages by\r
+>> scanning for "^-----BEGIN\ PGP\ (SIGNED\ )?MESSAGE"? =E2=80=93 as sugg=\r
+ested in\r
+>> a previous message to this mailing list\r
+>> (id:87zl3az8mm.fsf@lillypad.riseup.net; web view:\r
+>=20\r
+> If someone feels inspired to work on this, maybe=20\r
+>=20\r
+>    notmuch-wash-convert-inline-patch-to-part\r
+>=20\r
+> (in notmuch-watch.el) might be a reasonable place to start.\r
+\r
+if anyone does feel inclined to work on this, please consider that\r
+dealing cleanly an inline-signed message has a number of serious\r
+problems, not least of which is the Content-Type.\r
+\r
+I've been meaning to write this up more cleanly, but a summary here will\r
+have to do for now:\r
+\r
+The MIME Content-Type header for an inline-PGP-signed e-mail message is\r
+not signed.  This means that an attacker can replay a signed message\r
+while undetectably changing the Content-Type.  One example of such an\r
+attack is to leave the base Content-Type as text/plain but to switch\r
+charsets -- the same bytestream can then be interpreted differently.\r
+\r
+For example, depending on the charset, the same bytestream can be\r
+represented as:\r
+\r
+ The rental is =E2=82=AC13/week for unit 7.\r
+\r
+[charset=3Dbig5]\r
+\r
+or:\r
+\r
+ The rental is =C2=A3=D7=9113/week for unit 7.\r
+\r
+[charset=3Diso-8859-8]\r
+\r
+since 1GBP =3D 1.17EUR, this represents a change of 17% in the value of\r
+the signed message while retaining the signature's validity :P\r
+\r
+Given that you don't have cryptographically-reliable Content-Type\r
+information, will you be comfortable indicating that the message is\r
+actually signed?\r
+\r
+Also, inline-signed messages may not span the entire part.  That is, a\r
+message could have a bit of unsigned text above or below the\r
+inline-signature.  The current user-facing UI in notmuch-emacs indicates\r
+whether each part is individually signed or not.  How would\r
+notmuch-emacs indicate reliably to the user that only a portion of the\r
+part is signed?\r
+\r
+In short: inline PGP is a mess, and existing implementations which try\r
+to cope with it have severe shortcomings.  I'd rather avoid introducing\r
+new types of failure to notmuch.\r
+\r
+       --dkg\r
+\r
+\r
+------enig2HECLHCUIJSUIIGXLDODV\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+Content-Description: OpenPGP digital signature\r
+Content-Disposition: attachment; filename="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1.4.14 (GNU/Linux)\r
+Comment: Using GnuPG with Icedove - http://www.enigmail.net/\r
+\r
+iQJ8BAEBCgBmBQJSE6FfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpc6O4P/1mDlyMjavqICRYT78ssI0dC\r
+NU6Oc70NE2b6xkjpsM5xwitYy4Cr0x4z/invb02Du/gJ4soZmGEyeouj9yrjuqOc\r
+PEQiXEFesUvoWxvFkS+WUAv56J3ZUVx487Ae6UUMI6b8Yy49gYTZKJ4E0R8dhHXg\r
+BFFy7H4X04GHwTgWEQ+P3Qbkf2cXd1BODfT/TvKK4ewlnl8AsQOVc8S0oeuO7Ql9\r
+7bIDK6MX/g7Spv+h6DyZhpgcVJUw81CQcN6Pzvrja4VgbKMQ6dHZbvYgA+k3EZHc\r
+ghMskJh9KIodkdx8L4DbqC3n/WpKfGVAmXJe8t4uq4n9LL4VfZxOya8aGdGhSiUJ\r
+ZeHkmw3GP8AnomMUHAXqfrdMR/LKi7rHxE/OM+AoT9rim7fpCmSqbmBuFeyGIIzD\r
+iTiodsJ8Z3vQ9iK50dNJcUJnWTRQnePHBCRv888al491G2hzDRq+rFy4ybQupA0G\r
+7QNeVTBNdCvWkbj9imNS+8VSUd7wKU5AkQr51iJw9vXjF3fcg1wTCMGaITv6w9hV\r
+yVtPD8wQ88Mvx/tmbMpe0a/weQWN/HDl9w/0KzPlshetmzwe+HAiWxNgjmi7ICFh\r
+4FsFBgKqZnYIsz+FyLGJeCYn4pzCXBMrJZgjqB7WJ8dHVfUwEQBlmtPS28VR0xER\r
+ioh50g9CtLuQUI44ujnV\r
+=HHmd\r
+-----END PGP SIGNATURE-----\r
+\r
+------enig2HECLHCUIJSUIIGXLDODV--\r
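
Review bot: Every added line ends in a literal carriage return (the trailing `\r`), and the file is a `multipart/signed` message with `protocol="application/pgp-signature"`, so the detached signature in the second part only verifies over the exact bytes of the first part, including the quoted-printable soft break at `sugg=\r` / `ested in`. Nothing in the commit records that this path must be stored byte-for-byte: the commit message is only the subject line. Please make sure the archive paths are exempt from end-of-line conversion and whitespace cleanup (for example a `-text` attribute on them) and say so in the commit message, so a later normalization pass does not silently invalidate the signature. A smaller documentation point on the charset example in the body: the part is declared `charset=UTF-8` with `Content-Transfer-Encoding: quoted-printable`, so `=E2=82=AC` and `=C2=A3=D7=91` are the UTF-8 forms of the two renderings, and the single bytestream that `charset=3Dbig5` and `charset=3Diso-8859-8` are said to interpret differently does not itself appear anywhere in the file. Anyone citing this message as the reference for the unsigned Content-Type problem will need to state those raw bytes separately.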