IETF Logo Mail Archive

[openpgp] Re: Proposal for update to RFC3156 (PGP/MIME)

Andrew Gallagher <andrewg@andrewg.com> Fri, 06 December 2024 23:16 UTC

Return-Path: <andrewg@andrewg.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8F82C151076 for <openpgp@ietfa.amsl.com>; Fri, 6 Dec 2024 15:16:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.104
X-Spam-Level:
X-Spam-Status: No, score=-2.104 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=andrewg.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bupGyEgzrfkV for <openpgp@ietfa.amsl.com>; Fri, 6 Dec 2024 15:16:54 -0800 (PST)
Received: from fum.andrewg.com (fum.andrewg.com [135.181.198.78]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DAE5C14F6E3 for <openpgp@ietf.org>; Fri, 6 Dec 2024 15:16:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=andrewg.com; s=andrewg-com; t=1733527011; bh=H6hKCCeZRGKZ+3dUKBYn+FXgG01Ibg+ANAOX7pmrMik=; h=From:Subject:Date:References:Cc:In-Reply-To:To:From; b=H+NL2SxUZiuC2OL6FRqHltYeMlA1ePhgKb9TBqKPRHhA9n/U46FHxMR5ceUTm4t0J dOcu7OWiQ5a4B+djR/RFM/G0znfnynieNT7n5ze7+F2a8BfrAetvIZUj/oJRgYnSCH PL/+s9En9+vKaKgzv/5+1CkG0C+9nA0+rPrZ3++r42ZAehBa6tt1+7phA+cMMV73Ql B0po31NUEZXEsaOD44uDSJlBOEpz/YgrLKgEy1nIqDuty+ck2HVDDd1YxVNPUcIQjn BtiJXQvlXMI5eUc3os0wBeKz94o0gTjONucVIXLLopWwF6d1sgNkY/HEFSbZMnZf4C OnkgpM9bv2B3A==
Received: from smtpclient.apple (unknown [176.61.115.103]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (Client did not present a certificate) by fum.andrewg.com (Postfix) with ESMTPSA id 42DC55ED5E; Fri, 6 Dec 2024 23:16:51 +0000 (UTC)
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
From: Andrew Gallagher <andrewg@andrewg.com>
Mime-Version: 1.0 (1.0)
Date: Fri, 06 Dec 2024 23:16:39 +0000
Message-Id: <1BD8352F-A41A-443E-924B-1B48246D1962@andrewg.com>
References: <fccfcb95-c047-4a42-ba21-2098171fdf9c@kuix.de>
In-Reply-To: <fccfcb95-c047-4a42-ba21-2098171fdf9c@kuix.de>
To: Kai Engert <kaie@kuix.de>
X-Mailer: iPhone Mail (22B91)
Message-ID-Hash: 4RNUO3GPPW4QLY5RV3X5AOCBKW3BAQLT
X-Message-ID-Hash: 4RNUO3GPPW4QLY5RV3X5AOCBKW3BAQLT
X-MailFrom: andrewg@andrewg.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-openpgp.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: IETF OpenPGP WG <openpgp@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [openpgp] Re: Proposal for update to RFC3156 (PGP/MIME)
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/O3kxBfjJTmWXngwIEmlxR-ZFUeU>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Owner: <mailto:openpgp-owner@ietf.org>
List-Post: <mailto:openpgp@ietf.org>
List-Subscribe: <mailto:openpgp-join@ietf.org>
List-Unsubscribe: <mailto:openpgp-leave@ietf.org>

On 6 Dec 2024, at 21:25, Kai Engert <kaie@kuix.de> wrote:
> 
> 
> (When using an OPS packet, I assume you'd still have to deliver a trailing packet with the actual signature data in the second MIME sub part.)

Correct.

> I'm concerned this could potentially be used by a malicious sender to craft messages that intentionally display a different message to recipients based on the software they are using, with the intention to trick them.
> 
> To avoid that, could we require that the text/plain part must be empty?

We could, but that wouldn’t stop naive clients from displaying it. We’d have to refuse to process the message at all if this condition were violated. We’d also need to be careful about how to define “empty” in a fault-tolerant way.

Alternatively we could display both parts, but render the second part separately to make it clear that it is not signed over, to prevent a new efail vector.

That said, this would still only close off one such attack vector. So long as we support multipart/alternative an attacker will always be able to create invisible salamanders.

> Do you think it's necessary for broad compatibility to use the modified micalg parameter as you suggested, or could the signature packet alternative be placed in a separate attribute of the content-type header like this?
> 
> Content-Type: multipart/signed;
> boundary="12345678”;
> protocol="application/pgp-signature”;
> micalg=pgp-sha256;
> signature-data="
>  wpgGARsKAAAAKQWCY5ijYyIhBssYbE8GCaaX5NUt+mxyKwwfHifBilZwj2Ul7Ce6
>  2azJAAAAAGk2IHZJX1AhiJD39eLuPBgiUU9wUA9VHYblySHkBONKU/usJ9BvuAqo
>  /FvLFuGWMbKAdA+epq7V4HOtAPlBWmU8QOd6aud+aSunHQaaEJ+iTFjP2OMW0KBr
>  NK2ay45cX1IVAQ=="

I worry about duplicating the algorithm info in both the micalg parameter and the embedded signature packet, so if we were to do this I’d use a generic micalg value. But also, adding a novel parameter to multipart/signed would require an update to RFC1847 as well. I haven’t tested whether this would cause any actual issues in practice, but I think it would be safer to be conservative unless there’s a compelling reason to define a new parameter.

A

v2.37.1 | Report a Bug | By Email | System Status