ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] PGP/MIME message mangling

2019-05-23 22:31:24
from [Daniel Kahn Gillmor] [Permanent Link] 
On Thu 2019-05-23 19:36:34 +0200, Albrecht Dreß wrote:

For multipart/signed, the signature may be broken by MTA (and POP3)
transactions if any line in the data stream starts with a period (“.”,
ASCII 0x2e) character.  In this case, RFC 5321, Sect. 4.5.2 and RFC
1939, Sect. 3, require that the period is doubled for the
transmission, which the receiving party shall remove.  If it fails to
do so, obviously the signature is broken.  The workaround is to just
remove the extra period.

Actually, a message I sent to this list
(<https://mailarchive.ietf.org/arch/msg/openpgp/SKclvRGw9kan13GSsP66NlHHKEc>)
reached my mailbox with /exactly/ this error – in the line containing
“[…]RFC 3156, sect. 5 states that[…]” the period has been doubled.  I
verified with some test messages that neither my provider's MTA nor my
POP client produces the issue…


Thanks, Albrecht!  This is exactly the kind of stuff I'm looking for.

I've just added a "Doubled Dots" subsection to the draft at
https://gitlab.com/dkg/draft-openpgp-pgpmime-message-mangling that is a
copy of the first paragraph above as a placeholder, and a sample
clearsigned message with and without the mangling applied.

If you are up for proposing more detailed text, i'd be happy to take
recommendations, either as git merge requests or here on the mailing
list.

I think the remediation you proposed needs to be fleshed out a little
bit for robustness, though -- for example, you don't want to just remove
double-dots on every message that contains them.  You only want to try
removing doubled dots if you find them in the message *and* the message
signature does not validate.  Then you can try validating the message
with the doubled dots removed, and if so, use the repaired message.

Thinking with an implementer's hat on, and the worst-case scenario
paranoia that goes with it, i wonder how many iterations one should try
to apply such a repair operation before giving up and accepting that the
message doesn't have a good signature?

        --dkg

Attachment: signature.asc
Description: PGP signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  [openpgp] Minor fixes for RFC 4880bis, Heiko Stamer
Next by Date:  Re: [openpgp] Minor fixes for RFC 4880bis, Werner Koch
Previous by Thread:  Re: [openpgp] PGP/MIME message mangling, Albrecht Dreß
Next by Thread:  [openpgp] Minor fixes for RFC 4880bis, Heiko Stamer
Indexes:  [Date] [Thread] [Top] [All Lists]