Re: [openpgp] Expected client behaviour ambiguity in signature verification

Peter Gutmann <pgut001@cs.auckland.ac.nz> Sat, 09 July 2022 06:31 UTC

To: Justus Winter <justus@sequoia-pgp.org>, Andrew Gallagher <andrewg@andrewg.com>, "openpgp@ietf.org" <openpgp@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/U1dqRJYBiSNnLc8Kz-WhPSI9PmU>

Justus Winter <justus@sequoia-pgp.org> writes:

>I wrote a test to explore how the different implementations behave:
>
>  https://tests.sequoia-pgp.org/#Signature_digest_prefix
>
>Every implementation I test sets the digest prefix correctly (GPGME's support
>for gpg1.4 seems to be faulty, we see a lot of unexpected failures for
>gpg1.4.)

You may want to indicate in the text whether a check means "handles an
incorrect prefix" or "checks for and rejects an incorrect prefix".

In my code I just skip the prefix because I couldn't see what benefit there
was to performing this check; the full hash value is present in the signature
and since it's a non-keyed hash an attacker can just set it to anything they
want.

Peter.
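
The two verifier behaviours distinguished in the message above, shown as an added example that is not part of the original message or of any implementation named in the thread. It assumes a toy textbook-RSA key as a stand-in for the real signature algorithm and hashes only the message (real OpenPGP also hashes the signature trailer); all names are hypothetical.

```python
import hashlib

# Toy textbook-RSA key (assumption: stand-in for the real signature
# algorithm; no padding, not secure). Both primes are Mersenne primes.
P, Q = 2**127 - 1, 2**89 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def digest(message: bytes) -> bytes:
    # Simplification: real OpenPGP also hashes the signature trailer.
    return hashlib.sha256(message).digest()


def sign(message: bytes) -> dict:
    h = digest(message)
    return {"prefix": h[:2],  # unkeyed "left 16 bits" of the digest
            "sig": pow(int.from_bytes(h, "big") % N, D, N)}


def verify(message: bytes, signature: dict, check_prefix: bool) -> str:
    h = digest(message)
    if check_prefix and signature["prefix"] != h[:2]:
        return "rejected: prefix mismatch"
    if pow(signature["sig"], E, N) != int.from_bytes(h, "big") % N:
        return "rejected: bad signature"
    return "accepted"


def run_cases() -> dict:
    msg = b"constructed sample message"
    good = sign(msg)
    # Case A: signature is valid, only the prefix field is wrong.
    bad_prefix = dict(good, prefix=bytes(b ^ 0xFF for b in good["prefix"]))
    # Case B: message altered; prefix recomputed over it without any key.
    altered = b"constructed altered message"
    refit = dict(good, prefix=digest(altered)[:2])
    return {
        ("good", "skip"): verify(msg, good, False),
        ("good", "check"): verify(msg, good, True),
        ("bad_prefix", "skip"): verify(msg, bad_prefix, False),
        ("bad_prefix", "check"): verify(msg, bad_prefix, True),
        ("refit", "skip"): verify(altered, refit, False),
        ("refit", "check"): verify(altered, refit, True),
    }


if __name__ == "__main__":
    for case, outcome in run_cases().items():
        print(case, outcome)
```

Only case A separates the two behaviours; in case B the recomputed prefix matches under both policies and the rejection comes from the signature itself.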