Your message dated Thu, 24 Apr 2014 14:12:38 -0500
with message-id <[email protected]>
has caused the report #745553,
regarding emacs24-el: mml2015-always-trust should default to nil, not t
to be marked as having been forwarded to the upstream software
author(s) [email protected]

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)

--
745553: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=745553
Debian Bug Tracking System
Contact [email protected] with problems

--- Begin Message ---
[If possible, please preserve the 745553-forwarded address in any replies.]

This bug was filed recently, and I suspect it might be something you'd
like to discuss upstream.

Thanks

Daniel Kahn Gillmor <[email protected]> writes:

> Package: emacs24-el
> Version: 24.3+1-2
> Severity: normal
>
> Hi emacs maintainers!
>
> in
>
>  /usr/share/emacs/24.3/lisp/gnus/mml2015.el.gz
>
> i see this variable definition:
>
> (defcustom mml2015-always-trust t
>   "If t, GnuPG skip key validation on encryption."
>   :group 'mime-security
>   :type 'boolean)
>
> This is a security risk for users of encrypted mail. i believe it
> should be set to nil by default.
>
> Here's why:
>
> Consider Alice, who has OpenPGP certificates for "Bob
> <[email protected]>" and "Carol <[email protected]>" in her keyring (in
> that order). She has certified them both, so there is one valid
> primary key for [email protected] and one valid primary key for
> [email protected].
>
> Bob turns evil (or maybe his key is compromised) and he adds a new
> User ID: "Bob <[email protected]>" to his OpenPGP cert. He publishes
> the update to the keyservers.
>
> Alice, following best practices, updates her keyring from the
> keyservers regularly.
>
> Alice's keyring now has two certs that have a "[email protected]" user
> ID in them. One of them is valid, and the other one is not.
>
> Alice now composes a message to "Carol <[email protected]>" and marks
> it with:
>
> <#secure method=pgpmime mode=signencrypt>
>
> As the message goes out, mml-mode just passes the e-mail address
> [email protected] to gpg to encrypt the message body, and gpg uses the
> e-mail address to select a key. Since Bob's key is first in the
> keyring, it is the one that will be used.
>
> Bob then sneaks a peek at Carol's e-mail (maybe they're delivered to the
> same server, or he has a machine on the same network), catches the
> message in transit, and can decrypt the content, violating Alice's
> message confidentiality expectations.
>
> Please set mml2015-always-trust to default to "nil" instead of "t".
>
> --dkg
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers testing
>   APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages emacs24-el depends on:
> ii  emacs24-common  24.3+1-2
>
> emacs24-el recommends no packages.
>
> emacs24-el suggests no packages.
>
> -- debconf-show failed
>

--
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4
--- End Message ---
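
A keyring check for the situation the report describes, as an added example that is not part of the original thread or of Emacs: it reads output in the format of `gpg --list-keys --with-colons` and flags any e-mail address claimed by more than one certificate where at least one of those user IDs is not valid. The sample input, key IDs and example.org addresses are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the format of `gpg --list-keys --with-colons`.
# Key IDs, dates, hashes and addresses are made up for this example.
# In a uid record, field 2 is the validity and field 10 the user ID string.
SAMPLE = """\
pub:f:2048:1:AAAAAAAAAAAAAAAA:1300000000:::-:::scESC:
uid:f::::1300000000::H1::Bob <bob@example.org>:
uid:-::::1398000000::H2::Bob <carol@example.org>:
pub:f:2048:1:CCCCCCCCCCCCCCCC:1300000000:::-:::scESC:
uid:f::::1300000000::H3::Carol <carol@example.org>:
"""

VALID = {"f", "u"}  # full or ultimate validity


def parse_uids(colons):
    """Yield (key_id, email, validity) for each uid record, in keyring order."""
    key_id = None
    for line in colons.splitlines():
        f = line.split(":")
        if f[0] == "pub":
            key_id = f[4]  # field 5 of a pub record is the key ID
        elif f[0] == "uid" and key_id and len(f) > 9:
            m = re.search(r"<([^<>]+)>", f[9])
            if m:
                yield key_id, m.group(1).lower(), f[1]


def ambiguous_recipients(colons):
    """Return addresses claimed by several keys where some claim is not valid."""
    by_email = defaultdict(list)
    for key_id, email, validity in parse_uids(colons):
        by_email[email].append((key_id, validity))
    return {
        email: claims
        for email, claims in by_email.items()
        if len({k for k, _ in claims}) > 1
        and any(v not in VALID for _, v in claims)
    }


if __name__ == "__main__":
    for email, claims in ambiguous_recipients(SAMPLE).items():
        print(email, claims)
```

Each flagged address lists its claims in keyring order, so an invalid user ID that sits ahead of the valid one, as in the report, appears first in the list.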

