Message security; protected header fields

Hi mutt(1) and neomutt(1) developers! I reported around a month ago a couple of security vulnerabilities to neomutt(1), but which are also present in mutt(1) and every MUA (probably, I didn't do an exhaustive research). Vulnerability reports: -

Re: Message security; protected header fields

Hi Derek, On Thu, Apr 18, 2024 at 05:20:47PM -0400, Derek Martin wrote: >g. Protecting the recipients is problematic for potentially several > reasons--it prevents people from interacting normally with > threads and their recipients. The SMTP envelope needs at least > the

Re: Message security; protected header fields

On Fri, Apr 19, 2024 at 01:59:57AM +0200, Alejandro Colomar wrote: > BTW, now that I remember, while developing these things for neomutt(1), > I found that mutt(1) has a bug (?) by which it does actually protect > some header fields precisely in the way that I implemented them in > neomutt(1),

Re: Message security; protected header fields

On Thu, Apr 18, 2024 at 06:37:50PM +0200, Alejandro Colomar wrote: > Hi mutt(1) and neomutt(1) developers! > > I reported around a month ago a couple of security vulnerabilities to > neomutt(1), but which are also present in mutt(1) and every MUA > (probably, I didn't do an exhaustive research).

Re: Message security; protected header fields

On Thu, Apr 18, 2024 at 11:59:29PM +0200, Alejandro Colomar wrote: > Protecting the recipients and the in-reply-to doesn't mean hiding it. > It means providing a copy inside the signed part, so that it can be > verified against tampering. It's not about encrypting them. You can already do this

Re: Message security; protected header fields

On Thu, Apr 18, 2024 at 06:37:50PM +0200, Alejandro Colomar wrote: I reported around a month ago a couple of security vulnerabilities to neomutt(1), but which are also present in mutt(1) and every MUA So the main security vulnerability is that a recipient can tamper with header fields, and

Re: Message security; protected header fields

Hi Derek, On Thu, Apr 18, 2024 at 11:59:29PM GMT, Alejandro Colomar wrote: > Hi Derek, > > On Thu, Apr 18, 2024 at 05:20:47PM -0400, Derek Martin wrote: > >g. Protecting the recipients is problematic for potentially several > > reasons--it prevents people from interacting normally with

Re: Message security; protected header fields

On Thu, Apr 18, 2024 at 08:16:15PM -0400, Derek Martin wrote: > The message interception scenario is possible, but I think highly > improbable, especially for the sort of people who are using Mutt and > encryption--savvy users. It requires the attacker have superuser > access to the mail system

Re: Message security; protected header fields

On Fri, Apr 19, 2024 at 10:41:58AM +0800, Kevin J. McCarthy wrote: However, I'd like to point out that mutt added basic support for Protected Headers in the 2.0 release, following the Autocrypt project Ah, sorry, it was originally added in the 1.12 release (5/2019)! The 2.0 release added

Re: Message security; protected header fields

On Fri, Apr 19, 2024 at 01:59:57AM +0200, Alejandro Colomar wrote: BTW, now that I remember, while developing these things for neomutt(1), I found that mutt(1) has a bug (?) by which it does actually protect some header fields precisely in the way that I implemented them in neomutt(1), with