
Re: Thoughts on an OpenPGP header?



"Peter J. Holzer" <hjp+mutt@xxxxxxxxx> writes:

> On 2004-12-05 21:05:21 +0100, Simon Josefsson wrote:
>> "Peter J. Holzer" <hjp+mutt@xxxxxxxxx> writes:
>> 
>> > On 2004-12-03 18:16:03 +0100, Simon Josefsson wrote:
>> >> Another is a "Secure reply" button, that uses the Key ID information
>> >> in the header, to make a signed/encrypted reply to a message.
>> >
>> > The way mutt chooses the key(s) to encrypt a message with could surely
>> > be improved (in mutt 1.4.x at least, I don't know the current status in
>> > 1.5.x). Taking the key id from the OpenPGP header might be a good idea.
>> 
>> Presumably it uses the To: e-mail address, and lets GnuPG select the
>> correct key id.
>
> No, it searches the key ring itself and presents a list of matching Ids
> to the user if it finds more than one matching key for an address (or
> asks directly if it finds none).
>
> What I was thinking about - sorry for not spelling it out in the first
> place - was something like this:
>
> For each recipient:
>
>     search for a key with a matching uid.
>
>     If there is exactly one, use it. 
>
>     If there is more than one:
>
>       If one was used to sign the message, use this key
>
>       Otherwise, if one was used to encrypt the message, use this key
>
>       Otherwise, if one is mentioned in the OpenPGP header, use this
>       key.
>
>       Otherwise ask the user.
>
>     If none was found, ask the user for a key id.

This sounds good, although I would alter your algorithm slightly into:

For each recipient:

    if the recipient sent the incoming message, and it was signed or
    encrypted, use that key.

    search for a key with a matching uid.

    Ask the user which key to use, using the one mentioned in the
    OpenPGP header as the default choice.

    If none was found, ask the user for a key id.

> Werner is right, though, that this opens a possibility for a
> man-in-the-middle attack:
>
> Suppose Alice sends a message to Bob. I'm Mallory, the malicious mail
> man, and intercept the message. I add a Cc header with my mail address
> (possibly a faked one which looks similar to someone Alice and Bob know)
> and an OpenPGP header with a corresponding Key ID.
>
> Bob will read the message. He will see the CC, but cannot know that it
> wasn't added by Alice, but by me (since PGP/MIME doesn't protect
> headers). So he will reply to both Alice and me and I can read the
> response. 
>
> However, that possibility already existed before, and using the OpenPGP
> header does not make it significantly easier to exploit. In any case,
> unless Mallory's key is already sufficiently trusted by Bob (unlikely if
> it is a faked identity), Bob will be asked whether he really wants to
> encrypt the message with this key.

If you use my algorithm, I believe the risks are even smaller.

Thanks,
Simon
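
The second key-selection variant in the message above, run against the injected-Cc scenario it discusses. This is an added example, not part of the original message and not mutt's code. The `incoming` field names, the `ask_user` callback, the key IDs and addresses, and the choice to preselect the header key only when it matches the recipient's uid are all assumptions made for the illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Key:
    key_id: str
    uids: tuple  # e-mail addresses bound to the key

def select_key(recipient, keyring, incoming, ask_user):
    """Return (key_id, source) for one recipient of the reply.

    incoming: dict with 'sender', 'crypto_key_id' (sender's key seen in the
    signature/encryption layer, or None) and 'header_key_id' (value of the
    unprotected OpenPGP header, or None). Field names are hypothetical.
    ask_user(recipient, candidates, default) -> key id chosen by the user.
    """
    # Step 1: the cryptographic layer vouches for this key; no header involved.
    if recipient == incoming["sender"] and incoming["crypto_key_id"]:
        return incoming["crypto_key_id"], "message-crypto"
    # Step 2: search the key ring for keys with a matching uid.
    candidates = [k.key_id for k in keyring if recipient in k.uids]
    # Step 3: the header can be rewritten in transit, so it only preselects
    # an entry in the prompt (assumption: only if that key matched the uid).
    default = incoming["header_key_id"]
    if default not in candidates:
        default = None
    # Step 4 (no key found) is the same prompt with an empty candidate list.
    return ask_user(recipient, candidates, default), "user-confirmed"

def demo():
    """Constructed scenario: Alice signs; a Cc and an OpenPGP header were added in transit."""
    keyring = [Key("0xA11CE001", ("alice@example.org",)),
               Key("0xBAD00002", ("alice@examp1e.org",))]  # look-alike address
    incoming = {"sender": "alice@example.org", "crypto_key_id": "0xA11CE001",
                "header_key_id": "0xBAD00002"}
    prompts = []
    def ask_user(recipient, candidates, default):
        prompts.append((recipient, candidates, default))
        return default  # this user accepts the preselected key
    chosen = {r: select_key(r, keyring, incoming, ask_user)
              for r in ("alice@example.org", "alice@examp1e.org")}
    return chosen, prompts

if __name__ == "__main__":
    print(demo())
```

The key taken from the header is never used silently: the only recipient resolved without a prompt is the sender whose key appeared in the signature, and the added Cc address always goes through `ask_user`.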