Re: [smime] Problems with versions

Peter Gutmann <pgut001@cs.auckland.ac.nz> Thu, 05 May 2022 12:34 UTC

From: Peter Gutmann <pgut001@cs.auckland.ac.nz>
To: Russ Housley <housley@vigilsec.com>
CC: IETF SMIME <smime@ietf.org>
Thread-Topic: [smime] Problems with versions
Date: Thu, 05 May 2022 12:34:39 +0000
Message-ID: <SY4PR01MB62512D541C42E6873562A17CEEC29@SY4PR01MB6251.ausprd01.prod.outlook.com>
References: <SY4PR01MB6251E381603FAFE558685D86EEFE9@SY4PR01MB6251.ausprd01.prod.outlook.com> <CA16AFE1-CB97-4134-8FC9-4B8B964ACD6E@vigilsec.com>
In-Reply-To: <CA16AFE1-CB97-4134-8FC9-4B8B964ACD6E@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/smime/ENeJzppBO6wHOF7Ik2zci7NrH3g>
Subject: Re: [smime] Problems with versions

Russ Housley <housley@vigilsec.com> writes:

>That is, an unrecognized version can save the recipient from getting a parsing
>error.

But they won't be getting a parsing error, see the example I gave:

>  SignedData {
>    version = 7,
>    digestAlgorithms,
>    content,
>    signerInfos {
>      signerInfo version = 7,
>      signerInfo version = 6,
>      signerInfo version = 1
>      }
>    }

If you change the SignedData version to 1 then an implementation that doesn't
understand version 6 or 7 signerInfos can still process the message because
there's a version 1 signerInfo present.  However, if you set it to 7 then the
implementation is being told it can't (or shouldn't) process the message even
though it can.

The fact that there's some not-currently-recognised but totally processable
(meaning read the header and skip the remaining payload) entry somewhere
further down in the message doesn't mean that the whole message should be
marked as unprocessable by an implementation.

If there are any implementers still on the list, what would your code do if it
encountered the above message?  And what would it do if the SignedData version
was 1 instead of 7?

Peter.
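As an added example (not code from this thread or from any of the participants), the following minimal DER walker reads the SignedData version and each SignerInfo version from a constructed, deliberately simplified SignedData (no digests, certificates or signature values; the SignerInfo `sid` is an empty placeholder) and then applies the two policies under discussion: gate on the outer version, or skip unrecognised SignerInfos and process the rest. The `known` set of recognised versions and the policy function names are assumptions for illustration.

```python
def der(tag, content):
    """Encode one DER TLV (short-form length only, enough for this sample)."""
    return bytes([tag, len(content)]) + content

def der_tlv(buf, pos):
    """Decode the TLV at buf[pos]; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_children(buf, start, end):
    """Yield (tag, value_start, value_end) for each element of a constructed type."""
    while start < end:
        tag, vs, ve = der_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def signer_info(version):
    # SignerInfo ::= SEQUENCE { version, sid, ... }; sid is an empty placeholder here
    return der(0x30, der(0x02, bytes([version])) + der(0x30, b""))

def signed_data(version, signer_versions):
    # SignedData ::= SEQUENCE { version, digestAlgorithms SET, encapContentInfo
    # SEQUENCE, ..., signerInfos SET }; constructed sample, content type id-data
    id_data = der(0x06, bytes.fromhex("2a864886f70d010701"))
    return der(0x30, der(0x02, bytes([version])) + der(0x31, b"") + der(0x30, id_data)
               + der(0x31, b"".join(signer_info(v) for v in signer_versions)))

def parse_versions(buf):
    """Return (SignedData version, [SignerInfo versions]) from DER bytes."""
    _, start, end = der_tlv(buf, 0)
    elems = list(der_children(buf, start, end))
    outer = int.from_bytes(buf[elems[0][1]:elems[0][2]], "big")
    _, si_start, si_end = elems[-1]  # signerInfos is always the last element
    versions = []
    for _, vs, _ in der_children(buf, si_start, si_end):
        _, vvs, vve = der_tlv(buf, vs)  # version is the first field of SignerInfo
        versions.append(int.from_bytes(buf[vvs:vve], "big"))
    return outer, versions

def gate_on_outer_version(buf, known):
    """Policy A: refuse the whole message when the SignedData version is unknown."""
    return parse_versions(buf)[0] in known

def usable_signer_infos(buf, known):
    """Policy B (argued for above): keep only SignerInfos whose version is known."""
    return [v for v in parse_versions(buf)[1] if v in known]
```

With the message from the thread (`signed_data(7, [7, 6, 1])`) and an implementation that knows versions 1 and 3, policy A rejects it outright while policy B still finds the version 1 SignerInfo to process.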