[openpgp] PGP/MIME message mangling

Daniel Kahn Gillmor <dkg@fifthhorseman.net> Wed, 22 May 2019 07:40 UTC

From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: openpgp@ietf.org
Date: Wed, 22 May 2019 03:40:10 -0400
Message-ID: <87blzv7x9h.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/OTwKwP6PoSl5l8qgyh3NADclZdI>
Subject: [openpgp] PGP/MIME message mangling

Hi people interested in OpenPGP and PGP/MIME--

I think anyone who has worked with PGP/MIME messages has seen some MTAs
break message structure or formatting in ways that make it difficult or
impossible to perform the correct cryptographic operations on the
message according to the specs.

The fact that the mangling MTA may not be operated by the party whose
message it is mangling makes it rather difficult to report the problem
and get it fixed.  That difficulty is exacerbated by not having a clear
reference for the problem.

Additionally, when some of those manglings become widespread or common,
some implementers craft workarounds based on examples of the
misbehavior.  But often these workarounds are ad-hoc or private -- they
aren't subject to review from the community, and they are tucked away in
code that isn't particularly visible, leading many implementers to
stumble upon similar problems independently and try to work around them
on their own.

I've just published a new draft that aims to collect examples of these
manglings, and recommendations about sensible ways to handle them safely
if you encounter them:

    https://tools.ietf.org/html/draft-dkg-openpgp-pgpmime-message-mangling-00

Only one particular mangling is fully fleshed out in the -00 release
(I've named it "Mixed up" encryption), but a few more are pointed at in
TODOs.

If you have any examples of mangled messages sitting around -- in your
implementation's test suite, in your pile of bugs-to-be-reported, please
think of this draft as a place to collect them, as well as a place to
document how to most effectively work around these failures as they are
encountered by a friendly MUA.

My preferred goal, of course, is to get the MTAs to stop mangling
messages.  If this draft can be used as a reference for that kind of bug
report ("Your MTA appears to be mangling messages according to section
X.Y of this draft"), great!  But even if we succeed in fixing existing
implementations, mangled messages may linger indefinitely in archives,
so having a reference for how to deal with them safely will hopefully be
useful.

I welcome comments and feedback here on the list, and pull requests or
open issues at
https://gitlab.com/dkg/draft-openpgp-pgpmime-message-mangling

I hope this is useful work!

  --dkg