[Users] [Bug 4159] Decryption Oracle based on replying to PGP or S/MIME encrypted emails

noreply at thewildbeast.co.uk
Sun Feb 24 15:45:39 CET 2019


https://www.thewildbeast.co.uk/claws-mail/bugzilla/show_bug.cgi?id=4159

--- Comment #4 from Jens <jens.a.mueller+claws at rub.de> ---
> did you mean the opposite?
> "[...] because PGP/MIME can be downgraded to PGP/INLINE."
>                ^^^^^^^^                      ^^^^^^^^^^

Yes :)

As in: the attacker captures a PGP/MIME encrypted email (which should be more
common these days), but places it into the body of a text/plain message to
force the user agent to interpret it as PGP/INLINE.

Personally, I'm not a friend of letting users decide. IMHO option 1) should be
fine, as no sane user agent should produce plaintext||pgp-inline-encrypted.
(However, copying + pasting ASCII-armored ciphertext and an additional text
could produce such a message. On the other hand, in such cases it can be
assumed that the communication partners want to manually encrypt/decrypt the
message on the command line anyway.)

One more thing to think about, in case option 1) is implemented, is that the
attacker can encrypt her text to:

-----BEGIN PGP MESSAGE-----
[Attacker's ciphertext]
-----END PGP MESSAGE-----
-----BEGIN PGP MESSAGE-----
[Unknown ciphertext]
-----END PGP MESSAGE-----

Therefore, only one single ASCII-armored data blob per message (or per MIME
part) should be accepted (again, no sane UA should produce multiple blobs
within one message part, correct?)


In any case, for Claws this issue is somewhat limited because it affects "only"
careless users who do not scroll down the entire communication history. In
various other email clients, the encrypted part can be completely hidden with
HTML/CSS when receiving and replying to a message, which is much worse.

Therefore: Yet another good reason to *not* support HTML email :)

-- 
You are receiving this mail because:
You are the assignee for the bug.
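
The acceptance rule discussed in the comment above, sketched as an added example (not part of the original message and not Claws Mail code). It assumes "option 1)" means refusing to decrypt a text/plain part unless the ASCII armor is the entire part; the function name, verdict strings and sample bodies are constructed for illustration.

```python
BEGIN = "-----BEGIN PGP MESSAGE-----"
END = "-----END PGP MESSAGE-----"

NO_PGP = "none"                      # nothing to decrypt
OK = "ok"                            # exactly one blob, nothing else
REJECT_COUNT = "reject: not exactly one armor block"
REJECT_EXTRA = "reject: text outside the armor block"


def check_inline_pgp_part(body: str) -> str:
    """Decide whether one text/plain part may be handed to the decryptor.

    Fails closed: any marker that is quoted, indented into other text,
    duplicated or unbalanced leads to a reject verdict.
    """
    n_begin = body.count(BEGIN)
    n_end = body.count(END)
    if n_begin == 0 and n_end == 0:
        return NO_PGP
    # Rule from the comment: only a single armored blob per part.
    if n_begin != 1 or n_end != 1:
        return REJECT_COUNT
    # Rule assumed for "option 1)": no plaintext || pgp-inline-encrypted.
    # With one marker of each kind, requiring them to be the first and
    # last non-blank lines means everything else lies inside the armor.
    content = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if content[0] != BEGIN or content[-1] != END:
        return REJECT_EXTRA
    return OK


# Constructed sample bodies (armor payloads are placeholders, not real data).
BLOB = f"{BEGIN}\r\n\r\n[ciphertext]\r\n{END}\r\n"
SAMPLES = {
    "single blob": BLOB,
    "two blobs": BLOB.replace("[ciphertext]", "[Attacker's ciphertext]") + BLOB,
    "text then blob": "Please see below.\r\n\r\n" + BLOB,
    "quoted blob": "".join("> " + ln for ln in BLOB.splitlines(True)),
    "plain text": "No armor here.\r\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(f"{name:15s} -> {check_inline_pgp_part(body)}")
```
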