[openpgp] Re: Proposal for update to RFC3156 (PGP/MIME)
Kai Engert <KaiE@kuix.de> Fri, 06 December 2024 21:25 UTC
Return-Path: <KaiE@kuix.de>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7F52BC15152B for <openpgp@ietfa.amsl.com>; Fri, 6 Dec 2024 13:25:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.103
X-Spam-Level:
X-Spam-Status: No, score=-2.103 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=kuix.de
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JL7DV26VgLSo for <openpgp@ietfa.amsl.com>; Fri, 6 Dec 2024 13:24:57 -0800 (PST)
Received: from cloud.kuix.de (cloud.kuix.de [93.90.207.85]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 78914C151077 for <openpgp@ietf.org>; Fri, 6 Dec 2024 13:24:57 -0800 (PST)
Received: from [IPV6:2003:c8:af32:cd00:c55a:fbda:b38:6c1a] (p200300c8af32cd00c55afbda0b386c1a.dip0.t-ipconnect.de [IPv6:2003:c8:af32:cd00:c55a:fbda:b38:6c1a]) by cloud.kuix.de (Postfix) with ESMTPSA id 52AFB19D082; Fri, 6 Dec 2024 21:24:55 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=kuix.de; s=2018; t=1733520295; bh=ZijvLa7pdN0cSun5lD2qUzRqU053wHOGnhYZ186pcn0=; h=Date:Subject:To:Cc:References:From:In-Reply-To:From; b=F7r6RZRnJUZxFjHeNlKdxpnD7md9UFEW5mtzmc4SRtmweXGTiBleAE9+zPVwcOV4X chX6igJ9MdAhOkzvskoOspzaaiC9kdZCQGMXP8LY9A46UxC/dm7P6ojnSrD7IBpfhs P7hXVe2ZJCR+khCVN7l7V2we/Y53VsmWvFDXyvPlCYYaYRNeYuebEBanuhTP+24QLF H5C+8CXzdyhqQFh0+JcSjgdGq6Kf7VayGifF/v8H6fGPoXmqDUw9DwYWaleJzAUokv JTzrWSZdFftG7ZyFmagavL4C6m21cfOg8c4xf1PEobbmP3/gUnTR+yoVP5hx8IvMfA 4c2fWNfPxPjnw==
Message-ID: <fccfcb95-c047-4a42-ba21-2098171fdf9c@kuix.de>
Date: Fri, 06 Dec 2024 22:24:55 +0100
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Andrew Gallagher <andrewg=40andrewg.com@dmarc.ietf.org>, IETF OpenPGP WG <openpgp@ietf.org>
References: <33BAA6B0-64ED-4877-8B94-AEDBC94C1FC1@andrewg.com>
From: Kai Engert <KaiE@kuix.de>
Autocrypt: addr=KaiE@kuix.de; keydata= xsFNBE8oE/UBEAC/Vx4tHVkfPdGf0BFMGcidXzAXKQ4+gI2F5rPBoV9fEtYngLHzm7+a6DL2 v5Jl5b4by9KtUbfIJysR1iniLWMJVPXZcyC4ovGouZ4MGK5cD9kMy+JdwebCs5/tj51vcvrS 08dP7r9Q0f0H7tsqhtVWuPFt+ZZEj8fIxjMgE3Z5BcyoGT1mXQ544RA0vr0fB9MngvfteD3L /wL2miDnYVtwB+VHC6kEB75Pte/yz1kFc/TDqKT8F45M3invhccY8Zwe7F88+uS+tgR5B3Ga RMc9WChZr5ed5vRxSLrGqBGSWBKomKuWXNFVMrZAOaq+W/+kOdNSXLdJSvXIAgV4Gywf1D0r ZTi8V+UoiTY8eDfT4OlBJrbbkge92/lrqaorAsuo/DVmfv7ARk7q2jvbSZD39zkWpLNsAulz gZOr+ffEHKy0f9fNwzenHpKvNtTUWGChEyDf7a6EtTBZsxAYco0xAtFOoQVwx5UzZk4tMVhv lrATrvmFdK5SLroDuwtSLUBJ5MhICyaB1kN7YSatQs33D+M5oPKVC+mn1WB/nznU475cssBW Asw+/K4VtXN08HxVFEvpV5MtpoYGe/cqsV87aVr/Igg45DVKtMMK8W5AmJDdGru3caxdVkkW fis9F1GBkk7ZPgip4cprh3KicuKsXhVrjk2mC/kCR+mrlY8ncQARAQABzSNLYWkgRW5nZXJ0 IChhdCB3b3JrKSA8a2FpZUBrdWl4LmRlPsLBlAQTAQgAPgIbAwULCQgHAwUVCgkICwUWAgMB AAIeAQIXgBYhBCHRbmfhg5jI2p3fLhwnQjclAHckBQJmUapXBQkZCsniAAoJEBwnQjclAHck opQQAJvFzJ/Hqm2x3kXI4biMalCYkJxm9y+SYtRfSQJe1x5f4YBaisxMQhipTosgUI4KdM2w 4R8aiVKc7B7wWukYCac+l1BgiGvK9Z9gcFD/4zgivBkQtUo3srawoBUJSchObqsCZrPYRmIT VkC9NEG9y6fHWnmTWY/3V0Lkx+z6YyBm9jfl3DLl0mVVUhfqkT+pZWODzvxWldTyCRbf4WNw LRR2PFCkx4FaepTEI/N0zxgyOWv/zjOEju7gCiqIdHYNtIPCEv0On46TnBvfgAa1mxLRC+SF Ue/9e9CzctKCNq2WXKDpJmqkQVvFs++wAn8Dk9CFMWNUeh9WZDQ6Wzk5oCIGcOkeZRZS+xKP Z5CXPJwsDKQmHD66KVBrTi2YIDPVh5P8ZmQqiXkYHHtjVA+LDD7YPoUwUbRqOz7M3S+sXl5w rmqip4lyMPW7wqLl16WLexKNWYs4HTd3ZaPLIgkLiykHDvOL106AYlo0mdfeVfOWkNXK/LIO Y5mMfqovgJCRIGjAyReGyB7snPTjqjdrxJ+BvMor4aO9Dm/YS1nZDOhqfxO/PIVtUvS5J1V2 mVpf7tHT4gyJ0ifbLSazydeGnwxoham6oSEaJn1YamQyWo734c/DuzGAs5qY2NhYfrC8iL/X Qm+aOthRhvClH/WnSmeetJnzfGtLvMp9nWkSx8zmzjgEZkPDLhIKKwYBBAGXVQEFAQEHQHPV GG7pWzEFJucX7b7tVZAaxViky5g+LnUetsj9iH85AwEIB8LBfAQYAQgAJgIbDBYhBCHRbmfh g5jI2p3fLhwnQjclAHckBQJmUavlBQkB7xw2AAoJEBwnQjclAHckz3cP/iVEhaJOdl58nP8t sS9ux6G+KhUsknix761NxhoF66jXl7jeer4MVTkIu+u1zs8+TqZqUbDdq6uHwj4KKjE/1W8r +8jKW+R0BiHnX/0ukPyPsDlthgsoTXbTFvXyUgmABWnXIA5cAgkkkTpMUmnHYnSbZFCiDRz4 39aziBmscRY9FviXCUIyT4EdwotMA8THl+pfAJL48e72u2DxRVuY6yYYoOzlbSCv0RQYoaR3 frG8eaVQsnwDJ/0TnYIR9UhoutsBXRmS8bqbcVD187wh/yCaGnHPmeBB7/xEoocsP8PEX/PX cjhm0q6eXkzGl3fcFCk77gezZm+LJgkdLwkhmt6KPZuyLfNVjOdp2hskG4d0L9ej//jjdRkW 9pGF2R3oLDix1xrB1Zz3EMn8intWNlOGHYw+P91OTNue9D4luIKKclKZpp5alJFsoNsDN23B a6oJ3a3AQohs62v/5WLDSWNuFOfkZiWN56rDbr7ZwjkniYYmOrBJ4uNFyASTDd1t5g4b8WUH eeYqnp+sxtvjnYZkN79YcyLDO+/pEXBwWYXFHJ3BzRBs7ShrGDTiXJ/xZBb/jiDXoJtMRV41 PjfajWU+FgonMnJBLdTViFeyldo+t2trB84uZFSB/RwcEBJZzwyzJ2X+ComWlrgHKxiFUjr3 80szCATUIp/RaZePsv3H
In-Reply-To: <33BAA6B0-64ED-4877-8B94-AEDBC94C1FC1@andrewg.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Message-ID-Hash: X7W5NOJCSRR772BXOVSEYH2EMDD47LDY
X-Message-ID-Hash: X7W5NOJCSRR772BXOVSEYH2EMDD47LDY
X-MailFrom: KaiE@kuix.de
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Daniel Huigens <d.huigens=40protonmail.com@dmarc.ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Proposal for update to RFC3156 (PGP/MIME)
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/ApsDdwGgdvriIB71ihLpXUOuZts>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>
Hi Andrew, On 28.11.24 18:59, Andrew Gallagher wrote: > We have previously discussed the possibility of updating RFC3156 to support v6 signatures. One particular concern is how to add the salt to the MIME header, but there is also the (long-standing) question of how to make PGP/MIME messages render more elegantly in naive clients (i.e. without displaying an unknown attachment). thanks, I'm interested in a solution that avoids rendering an unknown attachment in naive clients. > It occurred to me that since the `micalg` parameter in the `Content-type: multipart/signed` specification is fully protocol-specific, we can choose to put anything we want in there. And the easiest way to make it version-agnostic is to replace the digest algorithm name with an armored OpenPGP packet. > > If we used an OPS packet, ... As I understand it, this approach wouldn't avoid the "unknown attachment". (When using an OPS packet, I assume you'd still have to deliver a trailing packet with the actual signature data in the second MIME sub part.) > Alternatively, we could place the *signature* packet in the headers: > ... > The trailing signature MIME part is then redundant, however the multipart/signed spec requires one. So by analogy with multipart/encrypted we could add a fake “inline signature” MIME part, that PGP-aware MUAs could handle gracefully: I understand this approach is your suggestion for suppressing the unknown attachment. By using text/plain as the content-type of the second MIME sub part, you assume that naive clients will render it as inline text, not as an attachment. That's a great idea. I'm concerned this could potentially be used by a malicious sender to craft messages that intentionally display a different message to recipients based on the software they are using, with the intention to trick them. To avoid that, could we require that the text/plain part must be empty? > Daniel Huigens and I have tested by roundtripping both these constructions through postfix, Gmail and Protonmail -- they survived intact, and also displayed prettily. I haven’t tested whether a PQC-sized prefix signature header would survive such a roundtrip today, however support for such large headers would surely have to be implemented for ARC and DKIM signatures at some point. The OPS construction has the advantage that it will definitely work with PQC now, and the prefix construction has the advantage that it is pretty. Both have the advantage that the micalg parameter and the two MIME parts could be concatenated and streamed directly into the OpenPGP library with minimal pre-processing by the MUA. Thanks Andrew and Daniel for your testing, the "pretty" rendering of the prefix construction sounds promising. Do you think it's necessary for broad compatibility to use the modified micalg parameter as you suggested, or could the signature packet alternative be placed in a separate attribute of the content-type header like this? Content-Type: multipart/signed; boundary="12345678”; protocol="application/pgp-signature”; micalg=pgp-sha256; signature-data=" wpgGARsKAAAAKQWCY5ijYyIhBssYbE8GCaaX5NUt+mxyKwwfHifBilZwj2Ul7Ce6 2azJAAAAAGk2IHZJX1AhiJD39eLuPBgiUU9wUA9VHYblySHkBONKU/usJ9BvuAqo /FvLFuGWMbKAdA+epq7V4HOtAPlBWmU8QOd6aud+aSunHQaaEJ+iTFjP2OMW0KBr NK2ay45cX1IVAQ==" Thanks Kai
- [openpgp] Proposal for update to RFC3156 (PGP/MIM… Andrew Gallagher
- [openpgp] Re: Proposal for update to RFC3156 (PGP… Kai Engert
- [openpgp] Re: Proposal for update to RFC3156 (PGP… Andrew Gallagher
- [openpgp] Re: Proposal for update to RFC3156 (PGP… Daniel Kahn Gillmor