From: Daniel Kahn Gillmor Date: Tue, 18 Feb 2014 18:31:58 +0000 (+1900) Subject: Re: Inline-encryption, encryption failure when storing sent mails X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=28ebea6dc6ec470004e24dbf33b5e8f7c911e17d;p=notmuch-archives.git Re: Inline-encryption, encryption failure when storing sent mails --- diff --git a/19/83f43ff15ddbc1a9abea6f5336d3ddc2f10d5d b/19/83f43ff15ddbc1a9abea6f5336d3ddc2f10d5d new file mode 100644 index 000000000..5fb71e0c0 --- /dev/null +++ b/19/83f43ff15ddbc1a9abea6f5336d3ddc2f10d5d @@ -0,0 +1,100 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 4C1BD431FBF + for ; Tue, 18 Feb 2014 10:32:20 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id NZr1DVcseCRE for ; + Tue, 18 Feb 2014 10:32:15 -0800 (PST) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by olra.theworths.org (Postfix) with ESMTP id 35134431FBD + for ; Tue, 18 Feb 2014 10:32:15 -0800 (PST) +Received: from fifthhorseman.net (unknown [38.109.115.130]) + by che.mayfirst.org (Postfix) with ESMTPSA id 58423F984 + for ; Tue, 18 Feb 2014 13:32:11 -0500 (EST) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id EE9702006A; Tue, 18 Feb 2014 13:32:01 -0500 (EST) +From: Daniel Kahn Gillmor +To: notmuch@notmuchmail.org +Subject: Re: Inline-encryption, encryption failure when storing sent mails +In-Reply-To: <5213A15F.30109@fifthhorseman.net> +References: + + <878v02ysfg.fsf@maritornes.cs.unb.ca> <5213A15F.30109@fifthhorseman.net> +User-Agent: Notmuch/0.17 (http://notmuchmail.org) Emacs/24.3.1 + (x86_64-pc-linux-gnu) +Date: Tue, 18 Feb 2014 13:31:58 -0500 +Message-ID: <87lhx8w9up.fsf@alice.fifthhorseman.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + micalg=pgp-sha512; protocol="application/pgp-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Tue, 18 Feb 2014 18:32:20 -0000 + +--=-=-= +Content-Type: text/plain + +On Tue 2013-08-20 13:03:27 -0400, Daniel Kahn Gillmor wrote: +> I've been meaning to write this up more cleanly, but a summary here will +> have to do for now: +> +> The MIME Content-Type header for an inline-PGP-signed e-mail message is +> not signed. This means that an attacker can replay a signed message +> while undetectably changing the Content-Type. One example of such an +> attack is to leave the base Content-Type as text/plain but to switch +> charsets -- the same bytestream can then be interpreted differently. + +I've finally written this up, with a demonstration. I'm hosting it here +for now: + + https://dkg.fifthhorseman.net/notes/pgp-inline-harmful/ + +i hope this is useful for future discussions about inline PGP. + +Please let me know if you see any problems with the text or if you have +any questions. + + --dkg + +--=-=-= +Content-Type: application/pgp-signature + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQJ8BAEBCgBmBQJTA6cfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB +NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcObUP/0qWGWThMjijVrjutmFcIcn+ +QbFvZlbb5/+BuY+Y90RYjUaVynxsPIKAvzbdvtB0Pl18f9miK3Hyw0VPstS6W6YO +K922vrFfA9VIMNpS7fmTqgmSXHIhQb+4Ap8QKMSi+WQNi3wA3hCvs/BjdMSamMSQ +1GfPkeM7ZtDrW/u5CdzgOYq7d6knksmzMHUoB2kIyXUHbbuqIvlNZDbzrHWRYzIT +AlzzEXTJziW009pqhSZ8SOF1G8O6Ii0ygSf1zURoTzI1cpFFakn6K/bJTiwE6kwQ +GXMV9GsLdKu3t3M5/RKJ4Hmng4nFeI5chr8SUcAYJ28SmUUzLnTAo1hGGKt1cCKl +vV/bF1OP4ddJONcSwIi8ypK8RCdL2UcBP7SXcT+PkhWlr9R5iYtJ1Zk1jjRr6vOB +8yd03tw7KZ5vX3R9QBsZNS2nMzg3V596JhAQCOnTGcTQNYwDYq6f5i+yQvo5ArPb +JMpG8vadK6Hb+oCz9HvrbdGZxMPs61HuiZaSL8WE5k7gIF5KhOaTC09rmQ3eie5H +dycQwxw8zaMlykjUliKP66yMmxWqqiAaoVws+njNMOCxFyqhQomqgNxK3nunoM92 +l8HfsbEAq6vMUc246QsTWG9Dl8UFvXiSkFjJrLHVX091p6b2yfTmkm2fDWCQbQqM +uHt5j8YL3NylsLZ5vSFG +=Vsxy +-----END PGP SIGNATURE----- +--=-=-=--