IETF Logo Mail Archive

Re: [openpgp] Put Signature in an Email's Header

Bart Butler <bart+ietf@pm.me> Fri, 20 October 2023 16:12 UTC

Return-Path: <bart+ietf@pm.me>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0D93AC151077 for <openpgp@ietfa.amsl.com>; Fri, 20 Oct 2023 09:12:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=pm.me
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dYZ3ZCJvMHji for <openpgp@ietfa.amsl.com>; Fri, 20 Oct 2023 09:12:34 -0700 (PDT)
Received: from mail-40134.protonmail.ch (mail-40134.protonmail.ch [185.70.40.134]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 635EFC14CEED for <openpgp@ietf.org>; Fri, 20 Oct 2023 09:12:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pm.me; s=protonmail3; t=1697818351; x=1698077551; bh=tSwblb0tmFoWfMIWZlBTPcV3gU6Dnw2U2VOELUX2E3A=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=j1mWMLMkcRz23geJlNZqXCuFhqGpa6Eag/UlvhevH7qIacMEEy8NTQsoiJ+44fPF9 GdGbR14EkHThvaNK/OskPx2TH93/rC57ZHoE2shJZtnWHWTm0Nw3668oZs+IosnAPB TPrvrihW4js1RTNdzzOq9Icy5O06RGsyEC2+ztJJ/ERaium96YL/qGEgsvII6B9tvo oN+LxTdzgXPRu7Qz7UBfv2adGlqfhubYbUM/0Jy3GLPwwWWFnTOQjXDLVCxhJkowCN ZcgAUOBIbvuCttwDeP+3UXc1XsN6J3MTRUmfJx41dq4n6rQgATU0ZOuKUrLsy5H+kL 7a68QcHFZQxTg==
Date: Fri, 20 Oct 2023 16:12:13 +0000
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
From: Bart Butler <bart+ietf@pm.me>
Cc: Kai Engert <kaie@kuix.de>, Andrew Gallagher <andrewg@andrewg.com>, Wiktor Kwapisiewicz <wikto@metacode.biz>, openpgp@ietf.org
Message-ID: <gs4sTQOlfHKBKjljEOtEtM657fi925oNKzW44f30Ah7L7kUQsucyoBrc9Qbc0qJ_C8VNeNTluv71COSCLSWBbpfyQ47SAsN5VugoN8fAKmk=@pm.me>
In-Reply-To: <875y32ihda.fsf@fifthhorseman.net>
References: <48be3fcf-cdce-9ef4-655b-63b6dddf9310@kuix.de> <db447915-fc25-4759-879e-b64020c0ec0e@kuix.de> <87zg31hoee.fsf@wheatstone.g10code.de> <ba560bb0-0fa5-40a2-b70d-83f36859e17e@metacode.biz> <87v8dphmec.fsf@wheatstone.g10code.de> <17a06888-8516-457f-8ef3-85b7c77ce2f6@kuix.de> <51A7082C-D4E0-4577-B3E5-0688664FDD0F@andrewg.com> <17566aae-8b29-4223-b641-26846f3d64f7@kuix.de> <875y32ihda.fsf@fifthhorseman.net>
Feedback-ID: 5683226:user:proton
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="------cf30e9f91f98058eaf3e46626c7ba53f3e820dd36d002b21e5f8edca06fa0ae3"; charset="utf-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/Hc5pRucuUahEL7Tkb11imxZYhEQ>
Subject: Re: [openpgp] Put Signature in an Email's Header
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 20 Oct 2023 16:12:39 -0000

Hi dkg,

I think the point of B (where IIRC the outer layer was supposed to be multipart/signed and to denote the cryptographic envelope) was to try to avoid all the signature.asc and other useless invented files floating around by formatting the signature as a MIME header rather than a MIME part which unaware MUAs/MTAs do not know how to process and end up rendering as files. If it breaks Outlook though that is of course a large and maybe fatal problem.

The point of the encapsulation was to avoid all the complexity that arises from mixing signature headers with the headers it signs, such as occurs with DKIM.

The LAMPS recommendation is essentially the PGP/MIME status quo, right, where signature data is a separate MIME part and we get all the existing artifacts?

I agree that D serves no purpose.

-Bart

------- Original Message -------
On Thursday, October 19th, 2023 at 8:42 PM, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:


> 

> 

> Sorry for the long delay in following up on this discussion:
> 

> On Wed 2023-08-09 10:32:20 +0200, Kai Engert wrote:
> 

> > On 08.08.23 19:09, Andrew Gallagher wrote:
> > 

> > > I’d be wary of such a double-encapsulation, it feels fragile.
> > 

> > This is what we currently do when combining a signature and protected
> > headers:
> > 

> > multipart/signed (application/pgp-signature)
> > multipart/mixed (protected-headers)
> > headers
> > payload
> > signature data
> > 

> > And the new suggestion is:
> > 

> > multipart/mixed
> > signature-as-a-header
> > multipart/mixed (protected-headers)
> > headers
> > payload
> > 

> > Given that both use two layers around the payload, why do you consider
> > the new suggestion more fragile?
> 

> 

> Calling the above two schemes (A) and (B), and assuming that each line
> in the schema above is intended to represent a MIME part, i'll observe
> that (A) has been tested and shown to be problematic for viewing in some
> widely deployed MUAs (Outlook being the most visible).
> 

> For this reason, the recommendation that LAMPS has settled on in
> https://datatracker.ietf.org/doc/draft-ietf-lamps-header-protection/ for
> signed-only messages using the multipart/signed construct is scheme (C):
> 

> multipart/signed (application/pgp-signature)
> payload (protected-headers)
> signature data
> 

> That is, there is no separate MIME subpart for headers for a
> cryptographically protected message, and the headers that are protected
> in a signed message can simply be injected onto the payload MIME part
> directly.
> 

> Sending a test multipart/signed PGP/MIME mesage from Thunderbird 115.2.2
> (on debian) i see that the actual result is yet another approach, scheme
> (D):
> 

> multipart/signed (application/pgp-signature)
> multipart/mixed (protected-headers)
> payload
> signature data
> 

> I don't think there's anything to be gained from (D) over (C).
> 

> Scheme (B) (kai's "new suggestion" above) is also problematic, even if
> the "signature-as-a-header" is not its own MIME subpart. It's
> problematic because users expect a message to have a single
> cryptographic status, which means that the signature is best offered
> over the entire message -- and this wrapper looks like it is not a
> cryptographic envelope at all. (please see
> draft-ietf-lamps-e2e-mail-guidance for discussion of the cryptographic
> envelope).
> 

> If anyone wants to experiment with the kind of scheme referred to in the
> subject line, in particular trying to synchronize with the types of
> constraints that are necessary to keep DKIM signatures intact, i don't
> think it's a bad idea. But i don't think you need any alternate MIME
> structure to do it.
> 

> --dkg
> _______________________________________________
> openpgp mailing list
> openpgp@ietf.org
> https://www.ietf.org/mailman/listinfo/openpgp

v2.23.0 | Report a Bug | By Email