With PGP/MIME messages, there is no indication which parts are signed

Steven Murdoch's Avatar

Steven Murdoch

12 Aug, 2013 02:12 PM

Which of our tools is giving you problems?

GPGMail

What’s the version of that tool?

2.0

What version of OS X are you using?

10.8.4

Please describe your problem. Add as much detail as possible.

One nice feature of GPGMail is that it shows which part of the message is signed (shown in a box with "Signed PGP part"). This seems to work well with inline PGP, but not with PGP/MIME.

For example, see an arbitrary email sent to a mailing list: http://www.cl.cam.ac.uk/~sjm217/volatile/pgpmimesigned.txt

As you can see from the source, the body of the message is signed, but the footer "tor-dev mailing list..." is not.

When this is displayed, there is no indication that only part of the message is signed (http://www.cl.cam.ac.uk/~sjm217/volatile/pgpmimesigned.png).

This does leave the opportunity for attack, because someone could append arbitrary text to a message and a user would still think that the whole message was signed.

Please describe what you did expect instead

When only part of the message is signed, that part is surrounded with a box saying "Signed PGP part".

If you remember, please describe the steps leading up to the problem

Verification is automatically performed.

  1. Support Staff 1 Posted by Luke Le on 15 Aug, 2013 06:59 PM

    Luke Le's Avatar

    Hi Steven,

    we're not sure what to do with that yet.
    The "Signed PGP Part" should only be a work around for legacy inline support.
    Now if a mailman or any other "gateway" appends a part to the message, it would actually break the PGP/MIME message, since the standard says, a PGP/MIME message is only supposed to include exactly 2 parts. For signed message that is, the text or html part and a signature part.

    I've create a ticket for this, so we will revisit the issue:
    https://gpgtools.lighthouseapp.com/projects/65764-gpgmail/tickets/6...

  2. 2 Posted by Steven Murdoch on 15 Aug, 2013 09:16 PM

    Steven Murdoch's Avatar

    Hi Luke,

    Mailman is not quite adding a new part to the message, but is embedding the whole multipart/signed message as part of a multipart/mixed message. So the multipart/signed message has still two parts (Text/Plain and application/pgp-signature), but the whole email is of type multipart/mixed with one multipart/signed and one text/plain part (the mailman footer).

    So AFAIK, this is still compliant with the OpenPGP specification. This is a common scenario, and also will occur if someone forwards an OpenPGP signed message as part of another message.

    For comparison, mutt handles this case by starting signed data with "[-- The following data is signed --]" and ending it with "[-- End of signed data --]". I agree this is not that nice, but since MIME does allow for messages made up of signed and unsigned parts, I am not sure if there is a better alternative.

  3. Support Staff 3 Posted by Luke Le on 15 Aug, 2013 09:32 PM

    Luke Le's Avatar

    You might indeed be right that the multipart/signed doesn't have to be the top part of a message, but can be wrapped by other mime parts, for example multipart/mixed which would be correct then. I think we may have misunderstood this definition in the past. Thanks for the input!

    Unfortunately we've also seen enough cases, where a simple text/plain part is added.

    Regardless, GPGMail should deal with this properly, and I hope we find a more visually appealing way to display the signed part.

  4. 4 Posted by Steven Murdoch on 15 Aug, 2013 10:17 PM

    Steven Murdoch's Avatar

    I just checked and Enigmail doesn't handle this case significantly better. There is a line between the signed and unsigned parts, but there is no indication that I can see that only one part is signed.

  5. 5 Posted by Steven Murdoch on 16 Aug, 2013 12:02 AM

    Steven Murdoch's Avatar

    Sorry for the repeated followups, but I had another thought. This issue is really a special case of a more general problem that applies to all OpenPGP encrypted mail implementations that I'm aware of.

    When a mail is said to be signed, what it really means is that some of the body has been signed. The headers are not, and as a result it is well known that you can take a message, e.g. "You're fired" and change the To address to get a very different message. Similarly changing the subject can have a dramatic effect on the meaning of the overall message.

    Also, when a message is encrypted, the subject is left in the clear. At best this is an inconvenience and at worst a security risk for people who don't understand the limitation.

    So I would quite like encrypted or authenticated mails to be application/pgp-encrypted or multipart/signed where the body is message/rfc822. In this way headers are encrypted and signed. There would still need to be an outer set of message headers but the subject line here could be different and the headers shown to the user be the signed inner headers, not outer ones.

    That said, there are significant downsides to this approach, not least losing compatibility with the way other MUAs work. So I would still like to see a fix to the immediate issue I mentioned and deal with the more general problem at some later stage.

  6. Support Staff 6 Posted by Luke Le on 22 Aug, 2013 02:31 PM

    Luke Le's Avatar

    Hi Steven,

    your security concerns are more than valid and the suggestion of including the "real" headers in a separate RFC822 message clearly interesting, but as you also state, it would probably break many if not all implementations that exist.

    We'll hope to soon find the time to at least implement the partial solution and are also considering embedding the actual subject in the body of the message, so it can be encrypted as well.

    Thanks for sharing your thoughts!

  7. Steve closed this discussion on 18 Sep, 2013 01:45 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts

Generic

? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac