Hi,
On 30.04.19 14:29, ilf wrote:
> https://github.com/RUB-NDS/Johnny-You-Are-Fired

While testing the MUA Balsa <https://pawsa.fedorapeople.org/balsa/> using the
proof-of-concept messages provided on GitHub, I noticed that many (most? all?) of the RFC 3156
message parts are not recognised by it. Looking at the message source (e.g. “Attack Class
'MIME', Test 'M1' (PGP/MIME)”), it appears that the header

    Content-Type: multipart/signed; boundary="BOUNDARY";
      protocol="application/pgp-signature"

is missing the “micalg” parameter. However, RFC 3156, sect. 5 states that

    OpenPGP signed messages are denoted by the "multipart/signed" content type,
    described in [RFC1847]

which defines in sect. 2.1

    Required parameters: boundary, protocol, and micalg

Consequently, Balsa (and maybe other MUAs, too) simply ignores such
multipart/signed parts as they don't comply with the standard.

Did you omit the parameter intentionally, i.e. did I miss something
interpreting the standards (typically, the value is never used), or are these
proof-of-concept messages broken?

Thanks in advance,
Albrecht.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
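
Added example, not part of the original message or of the Johnny-You-Are-Fired repository: a strict check that walks a message's MIME tree and reports which of the RFC 1847 sect. 2.1 required parameters each multipart/signed part lacks. The function names, the sample messages and the `pgp-sha256` value are constructed for illustration; only the first Content-Type header is the one quoted in the message above.

```python
import email

# Parameters RFC 1847, sect. 2.1 lists as required for multipart/signed.
REQUIRED = ("boundary", "protocol", "micalg")


def missing_signed_params(raw_message):
    """Return [(part_path, [missing parameter names])] for every
    multipart/signed part found in the message."""
    findings = []

    def walk(part, path):
        if part.get_content_type() == "multipart/signed":
            # An absent or empty parameter counts as missing.
            missing = [p for p in REQUIRED if not part.get_param(p)]
            findings.append((path, missing))
        if part.is_multipart():
            for i, child in enumerate(part.get_payload(), 1):
                walk(child, f"{path}.{i}")

    walk(email.message_from_string(raw_message), "1")
    return findings


def build_sample(content_type_header):
    """Constructed two-part message; the signature body is a placeholder."""
    return (
        "From: alice@example.org\n"
        "Subject: constructed sample\n"
        "MIME-Version: 1.0\n"
        f"{content_type_header}\n"
        "\n"
        "--BOUNDARY\n"
        "Content-Type: text/plain\n\n"
        "Hello\n"
        "--BOUNDARY\n"
        "Content-Type: application/pgp-signature\n\n"
        "(placeholder, not a real signature)\n"
        "--BOUNDARY--\n"
    )


# Header as quoted in the message above (no micalg).
POC_HEADER = ('Content-Type: multipart/signed; boundary="BOUNDARY";\n'
              ' protocol="application/pgp-signature"')
# Constructed variant that carries all three required parameters.
COMPLIANT_HEADER = ('Content-Type: multipart/signed; boundary="BOUNDARY";\n'
                    ' micalg=pgp-sha256; protocol="application/pgp-signature"')

if __name__ == "__main__":
    for name, hdr in (("poc", POC_HEADER), ("compliant", COMPLIANT_HEADER)):
        print(name, missing_signed_params(build_sample(hdr)))
```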