[linux-elitists] Fwd: PGP signature attachments!

Karsten M. Self kmself@ix.netcom.com
Fri Sep 7 19:23:54 PDT 2001


on Sat, Sep 08, 2001 at 01:59:09AM +0100, Sean Neakums (sneakums@zork.net) wrote:
> begin  Karsten M Self quotation:
> 
> > A munged signed message can't be verified regardless.  Broken mail
> > handling software must be fixed.
> > 
> > An intact, signed, but unverified message can still be verified at a
> > later date.  There's worlds of difference.
> 
> The only way to verify that a PGP-signed message is intact is to
> attempt to verify the signature.  You cannot trust the transport
> mechanism nor the software used to encapsulate the message AT ALL.  

If the transport system *changes* the message in any way:

  - If encrypted, it's not readable.
  - If signed, it won't validate.

This isn't a matter of trust, it's one of preserving message integrity.
In either event, the means that are meant to be satisfied by utilizing
PKI are thwarted.

RFC 2015 specifies that the content must be considered nonmutable:

    http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2015.html
    3 Content-Transfer-Encoding restrictions

    Multipart/signed and multipart/encrypted are to be treated by agents
    as opaque, meaning that the data is not to be altered in any way
    [1]. However, many existing mail gateways will detect if the next
    hop does not support MIME or 8-bit data and perform conversion to
    either Quoted-Printable or Base64. This presents serious problems
    for multipart/signed, in particular, where the signature is
    invalidated when such an operation occurs. For this reason all data
    signed according to this protocol MUST be constrained to 7 bits (8-
    bit data should be encoded using either Quoted-Printable or Base64).
    Note that this also includes the case where a signed object is also
    encrypted (see section 6). This restriction will increase the
    likelihood that the signature will be valid upon receipt.

> I can't be any more certain that a PGP/MIME implementation has not
> munged a message than I can that a plaintext PGP message has not been
> munged.

Correct, not without validation.  However, modified messages won't
validate regardless of whether it's an implementation error or a
nefarious attempt by Mallory to modify the message.

However, given the fragile nature of PKI, a universe of transport
mechanisms that arbitrarily changes message content will break
messages.  As there are times when such modifications may be
assumed to be reasonable, specifying when they shouldn't occur (as in
RFC 2015) is helpful.

Clearsigning doesn't mark the message as opaque to the transfer agent.

Transfer agents which do modify opaque content can be reported as
noncompliant (to repeat myself).

-- 
Karsten M. Self <kmself@ix.netcom.com>          http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             There is no K5 cabal
  http://gestalt-system.sourceforge.net/               http://www.kuro5hin.org
   Free Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
Geek for Hire                        http://kmself.home.netcom.com/resume.html
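
Added example, not part of the original message: a Python sketch of the failure mode in the quoted RFC 2015 section 3, where a gateway re-encodes an 8-bit signed part to Quoted-Printable and the signed bytes change. The gateway model, the sample body, LF line endings and the SHA-256 digest standing in for the PGP signature check are all assumptions made for illustration.

```python
import hashlib
import quopri


def make_part(cte: str, body: bytes) -> bytes:
    """Build the part that a multipart/signed signature covers (headers + body)."""
    headers = ("Content-Type: text/plain; charset=utf-8\n"
               f"Content-Transfer-Encoding: {cte}\n\n")
    return headers.encode("ascii") + body


def constrain_to_7bit(body: bytes) -> bytes:
    """Sender side, per RFC 2015 section 3: QP-encode 8-bit data before signing."""
    return make_part("quoted-printable", quopri.encodestring(body))


def gateway(part: bytes) -> bytes:
    """Hypothetical gateway whose next hop is 7-bit only (assumed model)."""
    _headers, _, body = part.partition(b"\n\n")
    if all(octet < 0x80 for octet in body):
        return part  # already 7-bit: nothing to convert, bytes untouched
    # 8-bit body: re-encode it and rewrite the CTE header to match
    return make_part("quoted-printable", quopri.encodestring(body))


def digest(part: bytes) -> str:
    """Stand-in for signature verification: the signature covers these exact bytes."""
    return hashlib.sha256(part).hexdigest()


def survives_transport(part: bytes) -> bool:
    """True if the bytes the signature covers are identical after the gateway."""
    return digest(gateway(part)) == digest(part)


# Constructed sample body containing 8-bit (UTF-8) octets
BODY = "Na\u00efve caf\u00e9 prices: 5 \u20ac\n".encode("utf-8")
SIGNED_8BIT = make_part("8bit", BODY)   # signed without the 7-bit constraint
SIGNED_7BIT = constrain_to_7bit(BODY)   # signed as RFC 2015 requires

if __name__ == "__main__":
    for name, part in (("8bit", SIGNED_8BIT), ("7bit", SIGNED_7BIT)):
        status = "intact" if survives_transport(part) else "signature invalidated"
        print(f"{name}: {status}")
```

The re-encoded text decodes to the same content in both cases; only the byte sequence under the signature differs, which is enough to make validation fail.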