Re: [openpgp] PGP/MIME, RFC 3156, Require empty boundary preamble lines
Werner Koch <wk@gnupg.org> Mon, 20 September 2021 15:00 UTC
From: Werner Koch <wk@gnupg.org>
To: Kai Engert <kaie@kuix.de>
Cc: openpgp@ietf.org
References: <4e17aa02-e78c-3d48-8a68-7342996ddedd@kuix.de>
X-message-flag: Mails containing HTML will not be read!
Please send only plain text.
Jabber-ID: wk@jabber.gnupg.org
Mail-Followup-To: Kai Engert <kaie@kuix.de>, openpgp@ietf.org
Date: Mon, 20 Sep 2021 16:57:32 +0200
In-Reply-To: <4e17aa02-e78c-3d48-8a68-7342996ddedd@kuix.de> (Kai Engert's
message of "Mon, 20 Sep 2021 11:57:53 +0200")
Message-ID: <875yuvcn1f.fsf@wheatstone.g10code.de>
User-Agent: Gnus/5.13 (Gnus v5.13)
MIME-Version: 1.0
Content-Type: multipart/signed;
boundary="=New_World_Order_E.T._Cypherpunks_CCS_CUD_AIEWS_Rand_Corporation=Shoo";
micalg=pgp-sha256; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/2LIJriwYMHyeFPHJYfYukB49WVs>
Subject: Re: [openpgp] PGP/MIME, RFC 3156,
Require empty boundary preamble lines

On Mon, 20 Sep 2021 11:57, Kai Engert said:

> is this list an appropriate place to discuss PGP/MIME topics?

Sure.

> Thunderbird 78 had added a non-empty preamble line, which was removed
> by a mail transport agent, causing the signature verification to fail.

Welcome to the party. Unfortunately there are many mail processing services which don't care about the MIME standard and willy-nilly modify messages or MIME headers at any encapsulation level. I have seen changed content-encoding, new MIME header lines, or changed boundaries. It is quite common that signatures break as soon as they pass through some very helpful tools which have been sold to companies to "secure" their communication.

To be fair, things are better than 10 years ago and most signed mails check out nicely (unless they got filtered out as spam as a few corporate mail gateways do).

> Perhaps a future revision of RFC 3156 could state that preamble lines
> inside the signed payload MUST be empty - in the hope that no

I don't think that this is a good idea. First, it is not a PGP/MIME but a general MIME issue, and second, it solves only one of the problems with broken mail processing software.

Shalom-Salam,

   Werner

-- 
Thoughts are free. Exceptions are regulated by a federal law.
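
The failure reported in the quoted text, reproduced as an added example (not code from this thread or from any mail client): a preamble line inside the signed part is covered by the signature hash, so a gateway that drops it changes the signed bytes. The boundary string, message text, preamble wording and the plain SHA-256 digest standing in for OpenPGP signature verification are all constructed assumptions.

```python
import hashlib

BOUNDARY = b"inner-boundary-constructed"  # constructed sample value

def build_signed_part(preamble: bytes) -> bytes:
    """Constructed multipart/mixed entity: the first part of a
    multipart/signed message, which is what the signature covers."""
    lines = [b'Content-Type: multipart/mixed; boundary="' + BOUNDARY + b'"', b""]
    if preamble:
        lines.append(preamble)
    lines += [
        b"--" + BOUNDARY,
        b"Content-Type: text/plain; charset=us-ascii",
        b"",
        b"Hello, this text is signed.",
        b"--" + BOUNDARY + b"--",
        b"",
    ]
    return b"\r\n".join(lines)

def split_at_first_boundary(entity: bytes):
    """Return (headers + blank line, preamble, rest from the first boundary on)."""
    head, sep, body = entity.partition(b"\r\n\r\n")
    first = body.find(b"--" + BOUNDARY)
    return head + sep, body[:first], body[first:]

def preamble_of(entity: bytes) -> bytes:
    return split_at_first_boundary(entity)[1]

def strip_preamble(entity: bytes) -> bytes:
    """Simulate a gateway that re-serialises the entity without its preamble."""
    head, _, rest = split_at_first_boundary(entity)
    return head + rest

def signed_digest(entity: bytes) -> str:
    """Plain SHA-256 of the signed part; a stand-in for the hash that a
    micalg=pgp-sha256 signature is computed over."""
    return hashlib.sha256(entity).hexdigest()

def survives_gateway(preamble: bytes) -> bool:
    """True if the digest is unchanged after the simulated gateway."""
    sent = build_signed_part(preamble)
    return signed_digest(sent) == signed_digest(strip_preamble(sent))

if __name__ == "__main__":
    for p in (b"", b"This is a multi-part message in MIME format."):
        print(repr(p), "verifies after gateway:", survives_gateway(p))
```

A sender-side check built on `preamble_of` can flag a non-empty preamble before signing; it does nothing for the other modifications the message lists, such as changed content-encoding or rewritten boundaries.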