[Top] [All Lists]

Re: [smime] Message takeover attacks against S/MIME

2016-01-28 09:47:40
I do not know of any user agents that can be configured to accept only intern 
message/rfc822 type, or even flag the difference to the user.  Most users would 
not understand the flag if it was there.

I would like to know if there is enough energy to work on a re-charter for the 
SMIME working group and then produce an updated specification.  If there is 
enough interest, Stephen Farrell is willing to sponsor the charter.

I am willing to work on it.


On Jan 28, 2016, at 5:02 AM, Lijun Liao wrote:

Indeed there are much simple ways to get the encrypted messages by adding 
some header fields like Reply-To, Sender, To, CC, etc. Since these header 
fields are not cryptographically protected by the signature and encryption, 
the recipient mail client is not able to detect the modification. If she 
answers the email, a copy will be delivered to the attacker.

Sure the aforementioned attack can be HINDERED by the inline message type 
message/rfc822 introducted in S/MIME v3.1. I use here the word HINDER instead 
of PREVENT due to the fact that the specification does not prevent the 
recipient client from using the outer header fields which are not protected. 
By the way, not all of email clients (indeed I know none) can be configured 
to accept only intern message/rfc822 type.

Lijun Liao

smime mailing list