[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-10-10 Thread Jan Kundrát
https://bugs.kde.org/show_bug.cgi?id=399050

Jan Kundrát  changed:

   What|Removed |Added

 Status|REPORTED|CONFIRMED
 Ever confirmed|0   |1

--- Comment #10 from Jan Kundrát  ---
> That's interesting, however I'd not rely on the config of the IMAP server for
> end-to-end security (which PGP is assumed to provide).

And we are not, which is why I also added that second sentence :).

E-mail headers and ESMTP-level envelopes are not covered by PGP. The IMAP
server "can lie to us", and I claim that this does not open any extra attack
vector compared to, e.g., your ESMTP host maliciously mangling stuff on
delivery. That was my point.

> Depends on your point of view. I would not say those issues are super-bad.
> However, if we really want to rely on PGP for critical tasks I'd say there is
> still room for improvement in the UI of mail clients. Assume you receive a
> signed email from your employer with testcase #2 which includes a
> task-to-be-done-immediately (e.g. "The President: >>launch missiles<<") -- you
> may be stressed and not look into the signature details and just do it...

Thanks for reporting this. I think that adding the signer's recipient address
into the "valid signature" area will be an improvement.

For anybody reading this -- patches welcome, I will only have a chance to work
on this in a week or two, I guess.

-- 
You are receiving this mail because:
You are watching all bug changes.

[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-10-10 Thread Jens Mueller
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #9 from Jens Mueller  ---
Hi Jan,

> You might see different results from what I see because
> different servers parse garbage input in a different way.

That's interesting, however I'd not rely on the config of the IMAP server for
end-to-end security (which PGP is assumed to provide).

> As a side note, I do not think that *that* would be a
> security issue because e-mail headers are forgeable

Absolutely, but a lot of users assume that PGP can exactly counter the problem
of forgeable email headers using digital signatures (even though a binding
between the From:/Sender: address and the email address in the matching PGP has
never been defined in the OpenPGP standard).

> Trojita always unconditionally shows both Sender and
> From fields if they are present.

Yes, but only the display name, not the actual email address.
For me, the testcases look as shown in attachment 115532.

> Do you see a security problem in here?

Depends on your point of view. I would not say those issues are super-bad.
However, if we really want to rely on PGP for critical tasks I'd say there is
still room for improvement in the UI of mail clients. Assume you receive a
signed email from your employer with testcase #2 which includes a
task-to-be-done-immediately (e.g. "The President: >>launch missiles<<") -- you
may be stressed and not look into the signature details and just do it...

> What we could do is to always show the e-mail address
> which was matched. Would that make sense from your
> point of view?

Yes, I think it's a good practice to explicitly show the email address of the
matching key (if available) and therefore answer the signed-by-whom question
(or at least delegate it back to the user).

Greetings
Jens


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-10-10 Thread Jens Mueller
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #8 from Jens Mueller  ---
Created attachment 115532
  --> https://bugs.kde.org/attachment.cgi?id=115532&action=edit
Screenshots of testcases


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-10-09 Thread Jan Kundrát
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #7 from Jan Kundrát  ---
Jens, I've now fetched the keys from keyservers (it took them a few days to be
reachable from any keyserver I tried, and then later I was AFK). Note that
Trojita extracts From/Sender/etc fields via the IMAP server's BODYSTRUCTURE
command. You might see different results from what I see because different
servers parse garbage input in a different way. (As a side note, I do not think
that *that* would be a security issue because e-mail headers are forgeable,
anyway.)

I locally signed the pubkey to make it "valid". After that, the first two test
cases started showing a green marker for "valid signature". The remaining three
show a warning about "signed by stranger" (probably due to the way how my IMAP
server parses these headers).

The green tick is shown for the first two test cases:

1) First one:

To: brucewayn...@web.de
From: The President 
Reply-to: The President 
Subject: Testcase 'trojita'

2) Second:

To: brucewayn...@web.de
From: presid...@whitehouse.gov
Return-Path: brucewayne...@web.de
Sender: iPhone 
Reply-to: presid...@whitehouse.gov
Subject: Testcase #11 'from sender, others: signer'

In other words, it only shows a green tick if any address in either the "From"
or "Sender" fields match the e-mail in the signature. I think that the code is
working as designed. It is designed that way to support workflows involving
mailing lists and message bouncing. Trojita always unconditionally shows both
Sender and From fields if they are present.

Do you see a security problem in here?

What we could do is to always show the e-mail address which was matched. Would
that make sense from your point of view?


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-09-26 Thread Jens Mueller
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #6 from Jens Mueller  ---
Hi Jan,

Sry, uploaded the key to the keyservers.

Greetings
Jens


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-09-26 Thread Jan Kundrát
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #5 from Jan Kundrát  ---
Hi Jens,
first of all, thanks for including us in your research. I've tried to reproduce
your finding, but I cannot obtain the pubkey 460E80E5FB7A6EED from the public
keyservers. Trojita therefore shows just "Some signature: missing key" as a
short summary, followed by a "Key 460E80E5FB7A6EED is not available in the
keyring.
Cannot verify signature validity or do anything else. The message might or
might not have been tampered with." after a click-through.

Can you please upload your public key somewhere so that we can take a look?


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-09-25 Thread Jens Mueller
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #1 from Jens Mueller  ---
Created attachment 115221
  --> https://bugs.kde.org/attachment.cgi?id=115221&action=edit
Testcase 'from sender, others: signer'


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-09-25 Thread Jens Mueller
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #4 from Jens Mueller  ---
Created attachment 115224
  --> https://bugs.kde.org/attachment.cgi?id=115224&action=edit
Testcase 'from1: sender, from2: signer'


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-09-25 Thread Jens Mueller
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #2 from Jens Mueller  ---
Created attachment 115222
  --> https://bugs.kde.org/attachment.cgi?id=115222&action=edit
Testcase 'from sender, others: signer'


[trojita] [Bug 399050] Signature spoofing in PGP encrypted email (ID layer)

2018-09-25 Thread Jens Mueller
https://bugs.kde.org/show_bug.cgi?id=399050

--- Comment #3 from Jens Mueller  ---
Created attachment 115223
  --> https://bugs.kde.org/attachment.cgi?id=115223&action=edit
Testcase 'from1: sender, from2: signer'
