ietf-smime
[Top] [All Lists]

Re: [smime] Message takeover attacks against S/MIME

2016-01-28 22:37:26
Russ Housley <housley(_at_)vigilsec(_dot_)com> writes:

Take a look at this article: http://cryptosource.de/posts/smime_mta_en.html

Is there interest in updating the S/MIME specification to use authenticated-
encryption?

It looks like a pretty contrived attack, you need to be able to truncate a
message, both at the start and end, on a 16-byte boundary to turn a signed
message into a plain, unsigned one, and still have the client accept the
result as a valid message.  They found one client that does that, but that
sounds more like a buggy client than a major problem (none of the others did
it).

In any case the fix should be pretty minimal, if anything is required at all:
If the SMIMECaps in the cert you're encrypting for indicates authEnc, use
that.  My code already does that and possibly other impementations do too.

Peter.
_______________________________________________
smime mailing list
smime(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/smime