Re: [openpgp] PGP/MIME message mangling

Albrecht Dreß <albrecht.dress@arcor.de> Thu, 23 May 2019 17:37 UTC

Date: Thu, 23 May 2019 19:36:34 +0200
From: Albrecht Dreß <albrecht.dress@arcor.de>
To: openpgp@ietf.org
In-Reply-To: <87blzv7x9h.fsf@fifthhorseman.net>
Message-Id: <CHLTLFPH.TL5TCWHM.LCNOWPQQ@S45ASV2L.XI727DVU.G2JBJDE2>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg="PGP-SHA512"; protocol="application/pgp-signature"; boundary="=-5wUnScgmqFYxvHFA0L2U"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/0VXJJz3eb0qLG43hv09qzXLiGM4>
Subject: Re: [openpgp] PGP/MIME message mangling

On 22.05.19 09:40, Daniel Kahn Gillmor wrote:
> I've just published a new draft that aims to collect examples of these manglings, and recommendations about sensible ways to handle them safely if you encounter them:

This will be very helpful IMHO!

> If you have any examples of mangled messages sitting around -- in your implementation's test suite, in your pile of bugs-to-be-reported, please think of this draft as a place to collect them, as well as a place to document how to most effectively work around these failures as they are encountered by a friendly MUA.

For multipart/signed, the signature may be broken by MTA (and POP3) transactions if any line in the data stream starts with a period (“.”, ASCII 0x2e) character.  In this case, RFC 5321, Sect. 4.5.2 and RFC 1939, Sect. 3, require that the period is doubled for the transmission, which the receiving party shall remove.  If it fails to do so, obviously the signature is broken.  The workaround is to just remove the extra period.

Actually, a message I sent to this list (<https://mailarchive.ietf.org/arch/msg/openpgp/SKclvRGw9kan13GSsP66NlHHKEc>) reached my mailbox with /exactly/ this error – in the line containing “[…]RFC 3156, sect. 5 states that[…]” the period has been doubled.  I verified with some test messages that neither my provider's MTA nor my POP client produces the issue…

Best,
Albrecht.
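
Added example, not part of the original message: a Python sketch of the dot-stuffing mangling described above and of the workaround of removing the extra period before re-checking the signature. The SHA-512 digest comparison is an assumed stand-in for real OpenPGP signature verification, and the sample signed part and all function names are constructed for illustration.

```python
import hashlib

CRLF = b"\r\n"

# Constructed sample: the signed MIME part, with two lines starting with "."
SAMPLE_SIGNED_PART = (
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"See the attached file\r\n"
    b".bashrc is unchanged.\r\n"
    b"..hidden stays too\r\n"
)

def dot_stuff(body: bytes) -> bytes:
    """Sender side (RFC 5321 sect. 4.5.2): prepend one period to every
    line that starts with a period."""
    return CRLF.join(b"." + ln if ln.startswith(b".") else ln
                     for ln in body.split(CRLF))

def dot_unstuff(body: bytes) -> bytes:
    """Receiver side: remove the one period the sender added."""
    return CRLF.join(ln[1:] if ln.startswith(b".") else ln
                     for ln in body.split(CRLF))

def digest(body: bytes) -> str:
    # Stand-in for OpenPGP verification (assumption): a real MUA would
    # verify the detached signature over these exact bytes instead.
    return hashlib.sha512(body).hexdigest()

def verify_with_workaround(received: bytes, signed_digest: str) -> str:
    """Check the part as received; only if that fails, retry with the
    extra leading periods removed. The repaired bytes are accepted
    solely when they match what was signed, so the retry cannot turn a
    genuinely modified message into a valid one."""
    if digest(received) == signed_digest:
        return "valid"
    if digest(dot_unstuff(received)) == signed_digest:
        return "valid-after-unstuffing"
    return "invalid"

if __name__ == "__main__":
    signed = digest(SAMPLE_SIGNED_PART)
    mangled = dot_stuff(SAMPLE_SIGNED_PART)  # a hop that never unstuffed
    print(verify_with_workaround(SAMPLE_SIGNED_PART, signed))
    print(verify_with_workaround(mangled, signed))
```

A MUA applying this should report the repaired case distinctly from a clean verification, since the bytes on disk are not the bytes that were signed.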