
Re: MIME media type literal packet in OpenPGP

2011-03-11 14:04:24

On Mar 11, 2011, at 1:39 PM, Vinnie Moscaritolo wrote:

> * PGP Signed: 03/11/2011 at 10:39:52 AM
>
> I just posted an informational draft about some minor changes that the PGP SDK
> is now supporting. Comments and complaints are welcome.
>
> Be kind, this is my first time doing this.

This looks reasonable enough to me.

I'd add a note to the Security Considerations section that when using this 
method on a signed document, the MIME type is changeable without invalidating 
the signature (since the signature hash does not cover the literal packet 
metadata).  This could allow an attacker to force a particular content handler 
to run (say, by changing text/plain to image/jpeg).  When encrypting (or 
signing+encrypting) the MDC helps you here, but for a signed (only) document, 
there is an opening for mischief.

Also, a minor typo:

   By providing more information beyond the existing binary and text
   formats this extension and can enable the automated selection of an
   appropriate media viewer for the decoded content.

"...and can enable..." should probably be "...can enable...".

I like this bit:

   o  The MIME media type MAY have an OPTIONAL null byte termination.
      Any data that follows such a null byte should be discarded and not
      considered part of the MIME media type.

That effectively leaves open a possibility of having a third (hopefully small) 
string in that field, which may be useful someday.

Implementation-wise, there is a minor gotcha here as GPG actually allows nulls 
in the filename.  By default, GPG ignores the filename field, but there is an 
option (--use-embedded-filename) which tells GPG to actually use that field for 
the filename, and it will interpret a null as a literal "\0" (i.e. backslash 
plus zero).  I wouldn't worry terribly much about it, but if this draft is 
adopted we'll have to update GPG to handle it.
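
The signed-only case described in this message, as an added example that is not part of the original message, the draft, or any PGP/GPG code: it builds two RFC 4880 literal data packet bodies with identical data but different metadata and shows that the input to a v4 binary-document signature hash is the same for both. It assumes the media type is carried in the literal packet's name field (as the null-byte discussion above suggests) and uses the existing `b` format octet as a stand-in; all helper names and sample values are constructed for illustration.

```python
import hashlib
import struct

def literal_body(fmt: bytes, name_field: bytes, date: int, data: bytes) -> bytes:
    """RFC 4880 literal data packet body: format, name length, name, date, data."""
    if len(fmt) != 1 or len(name_field) > 255:
        raise ValueError("format is one octet; name field is at most 255 octets")
    return fmt + bytes([len(name_field)]) + name_field + struct.pack(">I", date) + data

def parse_literal_body(body: bytes):
    """Split a literal packet body into (format, name_field, date, data)."""
    if len(body) < 2 or len(body) < 6 + body[1]:
        raise ValueError("truncated literal data packet body")
    n = body[1]
    (date,) = struct.unpack(">I", body[2 + n:6 + n])
    return body[:1], body[2:2 + n], date, body[6 + n:]

def media_type(name_field: bytes) -> str:
    """Rule quoted above: drop an optional null byte and anything after it."""
    return name_field.split(b"\x00", 1)[0].decode("ascii")

def v4_binary_sig_digest(body: bytes, hashed_sig_fields: bytes) -> str:
    """Digest a v4 binary-document signature is computed over (RFC 4880 5.2.4):
    the literal data octets only, then the hashed signature fields and trailer."""
    data = parse_literal_body(body)[3]
    trailer = b"\x04\xff" + struct.pack(">I", len(hashed_sig_fields))
    return hashlib.sha256(data + hashed_sig_fields + trailer).hexdigest()

# Constructed sample values (not taken from the thread or the draft).
CREATED = 1299868792
# v4, type 0x00 (binary document), RSA, SHA-256, one hashed subpacket: creation time
SIG_FIELDS = (b"\x04\x00\x01\x08" + struct.pack(">H", 6)
              + b"\x05\x02" + struct.pack(">I", CREATED))
DOC = b"quarterly figures\n"
ORIGINAL = literal_body(b"b", b"text/plain", CREATED, DOC)
# Same data, different metadata, plus trailing octets after a null byte.
RELABELED = literal_body(b"b", b"image/jpeg\x00ignored", 0, DOC)

def compare():
    """Return (packets differ, digests equal, type before, type after)."""
    same = (v4_binary_sig_digest(ORIGINAL, SIG_FIELDS)
            == v4_binary_sig_digest(RELABELED, SIG_FIELDS))
    return (ORIGINAL != RELABELED, same,
            media_type(parse_literal_body(ORIGINAL)[1]),
            media_type(parse_literal_body(RELABELED)[1]))

if __name__ == "__main__":
    print(compare())
```

A verifier that selects a content handler from this field on a signed-only message is acting on data the signature never covered, which is the caveat proposed above for the Security Considerations section.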

