Re: [openpgp] signed/encrypted emails vs unsigned/unencrypted headers
Ximin Luo <infinity0@gmx.com> Wed, 17 July 2013 19:42 UTC
Message-ID: <51E6F39A.8040805@gmx.com>
Date: Wed, 17 Jul 2013 20:42:18 +0100
From: Ximin Luo <infinity0@gmx.com>
To: openpgp@ietf.org
References: <51D360B2.1070709@gmx.com> <CAG5KPzybcunUE3wO90icgQK5EpWecGa1e5LzL+-57aCWPrqUsw@mail.gmail.com> <51E5BFFC.1040505@gmx.com> <CAG5KPzz-xmGOV8p9h0ho1WKNdEez4M0VvdsQ5JafBpWYntJo3Q@mail.gmail.com> <51E6E21C.4020708@gmx.com> <51E6EB1E.8010209@fifthhorseman.net>
In-Reply-To: <51E6EB1E.8010209@fifthhorseman.net>

On 17/07/13 20:06, Daniel Kahn Gillmor wrote:
> On 07/17/2013 02:27 PM, Ximin Luo wrote:
>> As per [2], if I ever sign a message consisting of "yes" or "no" or some other short message with very little context, the attacker (whom I encrypted the signed message to) could use this signed message in some other context, fooling people that I said something I didn't. One might argue "how unlikely", but it's still an unnecessary caveat (i.e. complexity) in using encrypted email, which will confuse people not familiar with the details.
>>
>> My original point was that this attack is a specific example of a general design flaw in encrypted email - i.e. unsigned/unencrypted headers.
>
> the attack you're describing above has nothing to do with encryption; it
> has to do with signatures.
>
> This is a fundamental vulnerability of any system that involves signed
> data that is dependent for interpretation on unsigned context. This is
> also the case for (e.g.) clearsigned plain text files.
>

It is *mostly* to do with signatures yes, but encryption does play a part - it adds the implicit *non-signed* information that the data is a message TO someone. (Although I take your point, a signed non-encrypted email also has this implicit metadata, and is vulnerable too.) If you signed a self-contained plain text file, this is not necessarily the case.

> It sounds to me like you're proposing a way that some additional context
> could be automatically signed by compatible mail user agents. I think
> this is a fine idea, though i think it needs more detail than what has
> been sketched out here thus far. For example, what should a compatible
> MUA do if the signed message contains a signed copy of a header which
> doesn't match the unsigned header of the message in question? what if a
> signed message contains two sets of signed headers that conflict with
> each other? how should an MUA represent the idea that headers are
> signed? and so forth...
>
> it also sounds like it would be relevant for other e-mail signature
> standards too, since S/MIME (for example) might want the same sort of
> protection. This makes it out of scope for the current mailing list,
> since it isn't OpenPGP specific.
>
> Werner already suggested that gnupg-users@gnupg.org might be a
> reasonable place to have this more general discussion. Maybe followup
> should happen over there?
>

Good points and yes, I will take this discussion there. Thanks for all the info and comments everyone!
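
Added example, not part of the original message and not the behaviour of any particular MUA: one possible receiver-side answer to the mismatch and conflict questions quoted above. It assumes a hypothetical layout in which the signed MIME part carries its own copies of the headers, and that the OpenPGP signature over that part has already been verified; `PROTECTED`, `check_headers` and the sample message are constructed for illustration.

```python
from email import message_from_string
from email.utils import getaddresses

PROTECTED = ("From", "To", "Cc", "Subject", "Date")  # assumed policy, not a standard

# Constructed sample: a signed "yes" whose outer headers differ from the signed copies.
SAMPLE = """\
From: Alice <alice@example.org>
To: mallory@example.net
Date: Mon, 01 Jan 2024 10:00:00 +0000
Subject: Will you sell the house?
Content-Type: multipart/signed; protocol="application/pgp-signature"; boundary="b"

--b
From: Alice <alice@example.org>
To: bob@example.org
Subject: Re: Lunch on Friday?
Content-Type: text/plain

yes
--b
Content-Type: application/pgp-signature

(constructed placeholder, not a real signature)
--b--
"""

def _norm(name, values):
    # Address headers compare by addr-spec only; others by whitespace-folded text.
    if name.lower() in ("from", "to", "cc"):
        return sorted(addr.lower() for _, addr in getaddresses(values))
    return [" ".join(v.split()) for v in values]

def check_headers(raw):
    """Compare header copies inside the signed part with the unsigned outer ones."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed" or not msg.is_multipart():
        raise ValueError("not a multipart/signed message")
    signed = msg.get_payload(0)  # first part of multipart/signed is the signed data
    report = {}
    for name in PROTECTED:
        inner, outer = signed.get_all(name, []), msg.get_all(name, [])
        if not inner:
            report[name] = "unsigned" if outer else "absent"
        elif len({tuple(_norm(name, [v])) for v in inner}) > 1:
            report[name] = "conflict"   # two signed copies disagree with each other
        elif _norm(name, inner[:1]) != _norm(name, outer[:1]):
            report[name] = "mismatch"   # outer header differs from the signed copy
        else:
            report[name] = "match"
    return report
```

A client applying this policy would display the signed values for `match` and `mismatch` headers, mark `unsigned` ones as unauthenticated, and treat `conflict` as a verification failure.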