IETF Logo Mail Archive

Re: More mail madness?

Russ Housley <housley@vigilsec.com> Mon, 14 May 2018 16:29 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D48B1126C22 for <ietf@ietfa.amsl.com>; Mon, 14 May 2018 09:29:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jEjZTfWmQpdU for <ietf@ietfa.amsl.com>; Mon, 14 May 2018 09:29:03 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 827CF12D950 for <ietf@ietf.org>; Mon, 14 May 2018 09:29:03 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 52219300596 for <ietf@ietf.org>; Mon, 14 May 2018 12:29:01 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ZlKsMyDseXzi for <ietf@ietf.org>; Mon, 14 May 2018 12:29:00 -0400 (EDT)
Received: from new-host.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 098E8300A19; Mon, 14 May 2018 12:29:00 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <B0CE44DF-DC7C-4411-B1CC-30B87E38D3F6@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_85C30905-D3DE-4A67-95AA-A860FABFF12C"
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
Subject: Re: More mail madness?
Date: Mon, 14 May 2018 12:29:01 -0400
In-Reply-To: <CAMm+LwiOfdptL6u=SyCtQnz7xKrJD6HTDkKs+JGeHf54CSiv8A@mail.gmail.com>
Cc: IETF <ietf@ietf.org>
To: Phillip Hallam-Baker <phill@hallambaker.com>
References: <CAMm+LwiOfdptL6u=SyCtQnz7xKrJD6HTDkKs+JGeHf54CSiv8A@mail.gmail.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf/mtAzxjU0h--xKJpQfO3QJ2mQBLc>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 14 May 2018 16:29:06 -0000

We are working on text for S/MIME that says that each portion of a MIME multi-part needs to be handled in its own sandbox.  The direct exfiltration that is described happens because the mail user agent glues the various portions together for display to the user, which in the example on the web page causes an image to be fetched from the attacker's website with the message plaintext as part of the URL.

Russ


> On May 14, 2018, at 11:52 AM, Phillip Hallam-Baker <phill@hallambaker.com> wrote:
> 
> This is a security issue certainly, but it is a particular type of issue that arises from attempting to analyze the security of a large and complex system built from parts whose interactions as so complicated that they are never likely to be sufficiently understood.
> 
> https://efail.de/ <https://efail.de/>
> 
> Basically the attack is to create a new multipart MIME message and sandwich the ciphertexts we wish to break between chunks of HTML with a URL reference to a web server we control.
> 
> This sort of attack could be devastating in certain situations.
> 
> 
> The other attack they describe, the CBC gadget attack is one that I have already been using a control against. I use a key derivation function to calculate IVs rather than passing them in-band. I started doing this because it cleans up the message flows a lot but it also turns out to have security advantages.

v2.23.0 | Report a Bug | By Email