[Users] [Bug 4159] Decryption Oracle based on replying to PGP or S/MIME encrypted emails

noreply at thewildbeast.co.uk noreply at thewildbeast.co.uk
Sun Feb 24 11:52:49 CET 2019


https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159

--- Comment #3 from Andrej Kacian <andrej at kacian.sk> ---
Just for clarification - by:
"[...] because PGP/INLINE can be downgraded to PGP/MIME."
               ^^^^^^^^                      ^^^^^^^^^^

did you mean the opposite?
"[...] because PGP/MIME can be downgraded to PGP/INLINE."
               ^^^^^^^^                      ^^^^^^^^^^

I can certainly reproduce this (and anyone working on this will have to
reproduce it with PGP message blocks encrypted to their secret keys), and agree
that this is an issue. I am however unsure how to best solve it without
blocking users from legitimate uses of inline PGP.

I think we should focus on the first described case (PGP/Inline), as I do not
consider the latter case (plaintext leak via PGP/Mime and PGP/SMIME replies)
really a leak - if the user explicitly selects the decrypted plaintext for
inclusion into a reply, it is reasonable to assume that they want to include it
there.

Ideas:
1. Require that a PGP/Inline message is at the very beginning of the message
body (or a text/plain message part), otherwise do not even attempt to decrypt
it.

This is rather easy to implement, and would be an ideal solution if we could
assume that users always want to protect the entire message body, and not just
some critical part in the middle (something analogous to
"[spoiler]...[/spoiler]" tags on various web forums). Admittedly, that sort of
usage is probably quite rare, but possible.

2. Display a warning dialog on starting a reply if the quoted text would
include a mix of unencrypted and (originally) encrypted text, and let the user
decide how to proceed.

This would be slightly more difficult to implement, since at that point in the
code, the entire displayed content is already decrypted, and there is no
programmatic way to determine which portions were originally encrypted.
However, I think it could be done by adding GtkTextMarks around the decrypted
content when the message is being decrypted and displayed.

-- 
You are receiving this mail because:
You are the assignee for the bug.



More information about the Users mailing list