Re: [openpgp] signed/encrypted emails vs unsigned/unencrypted headers

Ximin Luo <infinity0@gmx.com> Tue, 16 July 2013 22:05 UTC

Return-Path: <infinity0@gmx.com>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0C52421F9815 for <openpgp@ietfa.amsl.com>; Tue, 16 Jul 2013 15:05:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_47=0.6]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sBr7iKqiKuzp for <openpgp@ietfa.amsl.com>; Tue, 16 Jul 2013 15:05:13 -0700 (PDT)
Received: from mout.gmx.net (mout.gmx.net [212.227.15.19]) by ietfa.amsl.com (Postfix) with ESMTP id DC04921F93DB for <openpgp@ietf.org>; Tue, 16 Jul 2013 15:05:12 -0700 (PDT)
Received: from [192.168.1.66] ([109.152.229.244]) by mail.gmx.com (mrgmx001) with ESMTPSA (Nemesis) id 0LZzKf-1UHx0M3Hpd-00lj4T for <openpgp@ietf.org>; Wed, 17 Jul 2013 00:05:11 +0200
Message-ID: <51E5C397.6050403@gmx.com>
Date: Tue, 16 Jul 2013 23:05:11 +0100
From: Ximin Luo <infinity0@gmx.com>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:17.0) Gecko/20130518 Icedove/17.0.5
MIME-Version: 1.0
To: openpgp@ietf.org
References: <51D360B2.1070709@gmx.com> <51E4FEF0.7010004@gmx.com> <87fvvekji2.fsf@vigenere.g10code.de> <51E50442.8050701@gmx.com> <877ggqkemm.fsf@vigenere.g10code.de>
In-Reply-To: <877ggqkemm.fsf@vigenere.g10code.de>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="----enig2TITFOIFMPJJIAXRAATFB"
X-Provags-ID: V03:K0:ZS9ka9evqUUSFnhacf/2F3yJHGKDWv5OxRxD2UAXSwPsDQFVT12 oh3r1vUiGcwI4w29qY8bOiQPNhifmjJGrz7aV2ZqfYv9uWj1Q/cPaJ8M1lFLj+fxMCJjdmo Y+xaT5Mfe4cDfu1q3Ml6UrZrTpZnrg5ojrX2r3WW/4XxtA/md1kh9girCg05MBtUqev/AnI TQBTs3KXk0zIS0s4ap9PQ==
Subject: Re: [openpgp] signed/encrypted emails vs unsigned/unencrypted headers
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/openpgp>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Jul 2013 22:05:19 -0000

On 16/07/13 11:01, Werner Koch wrote:
> On Tue, 16 Jul 2013 10:28, infinity0@gmx.com said:
> 
>> Could you take a guess on why this feature is not used more? I haven't seen any
> 
> The first question should be, why OpenPGP is not used more.  The subject
> fulfills an important task: It allows to quickly sort and order
> messages.  An encrypted subject would require that you decrypt all
> messages even if you are not interested in them.  Further, support for
> arbitrary nested MIME structures seems to be broken in some MUAs.
> 

I think those are separate questions. :p

Your argument about "would require decrypt" is not tight; it applies equally to the message contents ("you can't search yada"). This is a trade-security-for-convenience approach, which is asking for trouble even if you can't explicitly think of an attack.

For maximum security, all headers that have end-to-end semantics should be added to the signed part of the message, and only the subset of these that are actually necessary for email to work correctly, should be sent in the clear.

For example, one could imagine an attack where you have 1000 messages in a thread with 10 people, then you could infer from the plaintext References: headers, a prediction on which of these 10 people are closely connected with each other. You can attack the plaintext To: header as I described in a previous post, and perhaps you can similarly attack the Subject: header even though right now it *seems* unimportant. A future application may use email transport in a novel way and treat the Subject: header to have much more valuable semantic meaning that affects application logic, wrongly assuming that PGP sign+encrypt is "secure" in that area.

X
 
> 
> Salam-Shalom,
> 
>    Werner
> 
> 
> p.s.
> What I do is to use a nonsense subject line for encrypted messages.  This
> helps to remember the context of a mail thread while not revealing the
> content of the conversation.
> 
」