Re: Thoughts on an OpenPGP header?

To: Simon Josefsson <jas@xxxxxxxxxxx>
Subject: Re: Thoughts on an OpenPGP header?
From: "Peter J. Holzer" <hjp+mutt@xxxxxxxxx>
Date: Mon, 6 Dec 2004 16:06:20 +0100
Cc: mutt-dev@xxxxxxxx
In-reply-to: <ilueki47bpa.fsf@xxxxxxxxxxxxxxxxxxx>
List-unsubscribe: <mailto:mutt-dev-request@mutt.org?body=unsubscribe>
Mail-followup-to: "Peter J. Holzer" <hjp+mutt@xxxxxxxxx>, Simon Josefsson <jas@xxxxxxxxxxx>, mutt-dev@xxxxxxxx
References: <iluis7je20c.fsf@xxxxxxxxxxxxxxxxxxx> <20041205184606.GB4168@xxxxxxxxx> <ilueki47bpa.fsf@xxxxxxxxxxxxxxxxxxx>
Sender: owner-mutt-dev@xxxxxxxx
User-agent: Mutt/1.4.1i

On 2004-12-05 21:05:21 +0100, Simon Josefsson wrote:
> "Peter J. Holzer" <hjp+mutt@xxxxxxxxx> writes:
> 
> > On 2004-12-03 18:16:03 +0100, Simon Josefsson wrote:
> >> Another is a "Secure reply" button, that uses the Key ID information
> >> in the header, to make a signed/encrypted reply to a message.
> >
> > The way mutt chooses the key(s) to encrypt a message with could surely
> > be improved (in mutt 1.4.x at least, I don't know the current status in
> > 1.5.x). Taking the key id from the OpenPGP header might be a good idea.
> 
> Presumably it uses the To: e-mail address, and let GnuGP select the
> correct key id.

No, it searches the key ring itself and presents a list of matching Ids
to the user if it finds more than one matching key for an address (or
asks directly if it finds none).

What I was thinking about - sorry for not spelling it out in the first
place - was something like this:

For each recipient:

    search for a key with a matching uid.

    If there is exactly one, use it. 

    If there is more than one:

        If one was used to sign the message, use this key

        Otherwise, if one was used to encrypt the message, use this key

        Otherwise, if one is mentioned in the OpenPGP header, use this
        key.

        Otherwise ask the user.

    If none was found, ask the user for a key id.

Werner is right, though, that this opens a possibility for a
man-in-the-middle attack:

Suppose Alice sends a message to Bob. I'm Mallory, the malicious mail
man, and intercept the message. I add a Cc header with my mail address
(possibly a faked one which looks similar to someone Alice and Bob know)
and an OpenPGP header with a corresponding Key ID.

Bob will read the message. He will see the CC, but cannot know that it
wasn't added by Alice, but by me, since PGP/MIME doesn't protect
headers). So he will reply to both Alice and me and I can read the
response. 

However, that possibility already existed before, and using the openpgp
header does not make it significantly easier to exploit. In any case,
unless Mallorys key is already sufficiently trusted by Bob (unlikely if
it is a faked identity), Bob will be asked whether he really wants to
encrypt the message with this key.

        hp

-- 
   _  | Peter J. Holzer      | If the code is old but the problem is new
|_|_) | Sysadmin WSR / LUGA  | then the code probably isn't the problem.
| |   | hjp@xxxxxxxxx        |
__/   | http://www.hjp.at/   |     -- Tim Bunce on dbi-users, 2004-11-05

Attachment: pgpGWKzDOPGMh.pgp
Description: PGP signature

Follow-Ups:
- Re: Thoughts on an OpenPGP header?
  - From: Simon Josefsson

References:
- Thoughts on an OpenPGP header?
  - From: Simon Josefsson
- Re: Thoughts on an OpenPGP header?
  - From: Peter J. Holzer
- Re: Thoughts on an OpenPGP header?
  - From: Simon Josefsson

Prev by Date: Re: Thoughts on an OpenPGP header?
Next by Date: Re: [PATCH] send2-hook
Previous by thread: Re: Thoughts on an OpenPGP header?
Next by thread: Re: Thoughts on an OpenPGP header?
Index(es):
- Date
- Thread