[openpgp] PGP/MIME message mangling
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 22 May 2019 07:40 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 202241200B1 for <openpgp@ietfa.amsl.com>; Wed, 22 May 2019 00:40:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=K2gTLNJD; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=4n/I+vvT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lWVRggXET_mu for <openpgp@ietfa.amsl.com>; Wed, 22 May 2019 00:40:15 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C350212004B for <openpgp@ietf.org>; Wed, 22 May 2019 00:40:15 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1558510814; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=pnuAvxvznI79NJeKT3HYwMegg0FRhFymuwqw9L4xoFs=; b=K2gTLNJDMdOQKXPLc4dGCVvLrbkL4qVSFHYfShLmOVB1wmEI7ofNgZxK uxNS5RzilMOfP5vFe+bxftj9EFzyCw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1558510814; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=pnuAvxvznI79NJeKT3HYwMegg0FRhFymuwqw9L4xoFs=; b=4n/I+vvTZY3qyOJbXhkhXjzWLAtFAj3h0ylJTgPhuIhE3oJaGXk6uhZq /roQDjg3wr2i2KvTA50yL5W95/gsvEH+ngxZ/QEx4JhcZYcQGnvhmoU7q5 qiFJSNjtbGK3VAZ1XuaItPmFtssIhDeoEkTg5nk8ExaB8NIYGSDM0T5dak xmJ23/QJ0DctFdDQy5TD/jnDhVO36HqKHfeQcnLw7SbsuQUhnvLkF9n72w 4vVricYy7w9B3QQFV68WvkeGLSvctmeZzVZtFAAqDkvnxFLih9ys6Sp27f ev4EEByrIjzmrMxCnffGqN3K9nnvdmnQ+iaqH8v61z/wY4Tn9R3LdA==
Received: from fifthhorseman.net (unknown [IPv6:2001:470:1f07:60d:4864:1fff:fe17:5aa8]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 63B19F99D for <openpgp@ietf.org>; Wed, 22 May 2019 03:40:13 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id BDDBB201EE; Wed, 22 May 2019 03:40:10 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw==
Date: Wed, 22 May 2019 03:40:10 -0400
Message-ID: <87blzv7x9h.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/OTwKwP6PoSl5l8qgyh3NADclZdI>
Subject: [openpgp] PGP/MIME message mangling
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 22 May 2019 07:40:18 -0000
Hi people interested in OpenPGP and PGP/MIME-- I think anyone who has worked with PGP/MIME messages has seen some MTAs break message structure or formatting in ways that make it difficult or impossible to perform the correct cryptographic operations on the message according to the specs. The fact that the mangling MTA may not be operated by the party whose message it is mangling makes it rather difficult to report the problem and get it fixed. That difficulty is exacerbated by not having a clear reference for the problem. Additionally, when some of those manglings become widespread or common, some implementers craft workarounds based on examples of the misbehavior. But often these workarounds are ad-hoc or private -- they aren't subject to review from the community, and they are tucked away in code that isn't particularly visible, leading many implementers to stumble upon similar problems independently and try to work around them on their own. I've just published a new draft that aims to collect examples of these manglings, and recommendations about sensible ways to handle them safely if you encounter them: https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00 Only one particular mangling is fully fleshed out in the -00 release (I've named it "Mixed up" encryption), but a few more are pointed at in TODOs. If you have any examples of mangled messages sitting around -- in your implementation's test suite, in your pile of bugs-to-be-reported, please think of this draft as a place to collect them, as well as a place to document how to most effectively work around these failures as they are encountered by a friendly MUA. My preferred goal, of course, is to get the MTAs to stop mangling messages. If this draft can be used as a reference for that kind of bug report ("Your MTA appears to be mangling messages according to section X.Y of this draft"), great! But even if we succeed in fixing existing implementations, mangled messages may linger indefinitely in archives, so having a reference for how to deal with them safely will hopefully be useful. I welcome comments and feedback here on the list, and pull requests or open issues at https://gitlab.com/dkg/draft-openpgp-pgpmime-message-mangling I hope this is useful work! --dkg
- [openpgp] PGP/MIME message mangling Daniel Kahn Gillmor
- Re: [openpgp] PGP/MIME message mangling Albrecht Dreß
- Re: [openpgp] PGP/MIME message mangling Daniel Kahn Gillmor