On Mon 2019-06-03 18:02:53 +0200, Örjan Ekeberg wrote:
> As far as I understand the autocrypt protocol (i.e. not much;-) ), the
> vulnerability is that an incoming message with a later time-stamp than
> the locally saved autocrypt status can update the stored state
> (e.g. turn off encryption). Manipulating the time-stamp to make the
> message appear to be *older* than it really is should only mean that it is
> less likely to update the saved state?
>
> If this is correct, using the oldest of all the time-stamps seen in the
> Date-header and any of the Received-headers should be the most
> defensive.

It's the most defensive against one form of attack: forging e-mails intended to update the user's Autocrypt state about a given peer.

But another form of attack is also possible: convincing the user to *not* update their Autocrypt state about a given peer, while leaving the original message otherwise plausible and intact, thereby raising no suspicions about delivery problems.

I'd like notmuch's Autocrypt implementation to try to defend against either attack where possible.

--dkg
_______________________________________________
notmuch mailing list
email@example.com
https://notmuchmail.org/mailman/listinfo/notmuch
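The trade-off discussed in this thread, as an added example that is not part of the original message and is not notmuch's code: it applies the "oldest of Date and Received" rule to three constructed messages and shows which of them would update the saved Autocrypt state. The header values, the saved timestamp and the `date_skew` check are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

def header_times(raw):
    """Return (Date header time, [Received header times]) as aware datetimes."""
    msg = message_from_string(raw)
    date = parsedate_to_datetime(msg["Date"])
    # The timestamp of a Received header follows its last ';'.
    received = [parsedate_to_datetime(h.rsplit(";", 1)[1].strip())
                for h in msg.get_all("Received", []) if ";" in h]
    return date, received

def oldest_timestamp(raw):
    """Policy proposed in the quoted text: oldest of Date and all Received."""
    date, received = header_times(raw)
    return min([date] + received)

def would_update(raw, saved_timestamp):
    """Autocrypt state changes only if the message is newer than the saved state."""
    return oldest_timestamp(raw) > saved_timestamp

def date_skew(raw):
    """Hypothetical check: distance between Date and the earliest Received stamp."""
    date, received = header_times(raw)
    return abs(date - min(received)) if received else timedelta(0)

def build(date_header):
    """Constructed sample message; only the Date header varies."""
    return ("Received: from mx.example by mail.example; "
            "Mon, 3 Jun 2019 16:03:10 +0000\n"
            f"Date: {date_header}\n"
            "From: peer@example.org\n\nbody\n")

# Constructed inputs: state last saved on 2019-06-01, message received 2019-06-03.
SAVED = datetime(2019, 6, 1, 12, 0, tzinfo=timezone.utc)
HONEST = build("Mon, 3 Jun 2019 18:02:53 +0200")
FUTURE = build("Wed, 3 Jul 2019 18:02:53 +0200")     # Date pushed forward
BACKDATED = build("Wed, 1 May 2019 18:02:53 +0200")  # Date pushed back

if __name__ == "__main__":
    for name, raw in [("honest", HONEST), ("future", FUTURE), ("backdated", BACKDATED)]:
        print(f"{name:9} effective={oldest_timestamp(raw).isoformat()} "
              f"updates={would_update(raw, SAVED)} skew={date_skew(raw)}")
```

The forward-dated message is clamped to its receipt time, while the backdated one is silently skipped even though it arrived after the saved state; the skew between Date and the earliest Received stamp is the only visible sign of that second case.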