[linux-elitists] Fwd: PGP signature attachments!

Karsten M. Self kmself@ix.netcom.com
Mon Sep 10 14:18:41 PDT 2001


on Fri, Sep 07, 2001 at 07:23:54PM -0700, Karsten M. Self
(kmself@ix.netcom.com) wrote:
> on Sat, Sep 08, 2001 at 01:59:09AM +0100, Sean Neakums
> (sneakums@zork.net) wrote:

<...>

> > The only way to verify that a PGP-signed message is intact is to
> > attempt to verify the signature.  You cannot trust the transport
> > mechanism nor the software used to encapsulate the message AT ALL.  
> 
> If the transport system *changes* the message in any way:
> 
>   - If encrypted, it's not readable.
>   - If signed, it won't validate.
> 
> This isn't a matter of trust, it's one of preserving message integrity.
> In either event, the means that are meant to be satisfied by utilizing
> PKI are thwarted.
> 
> RFC 2015 specifies that the content must be considered nonmutable:
> 
>     http://www.cis.ohio-state.edu/cgi-bin/rfc/rfc2015.html 
>     3 Content-Transfer-Encoding restrictions
> 
>     Multipart/signed and multipart/encrypted are to be treated by
>     agents as opaque, meaning that the data is not to be altered in
>     any way [1].  <...>
> 
> > I can't be any more certain that a PGP/MIME implementation has not
> > munged a message than I can that a plaintext PGP message has not been
> > munged.
> 
> Correct, not without validation.  However, modified messages won't
> validate regardless of whether it's an implementation error or a
> nefarious attempt by Mallory to modify the message.
> 
> However, given the fragile nature of PKI, a universe of transport
> mechanisms that arbitrarially changes message content will break
> messages.  As there are times when such modifications may be 
> assumed to be reasonable, specifying when they shouldn't occur (as in
> RFC 2015), is helpful.
> 
> Clearsigning doesn't mark the message as opaque to the transfer agent.
> 
> Transfer agents which do modify opaque content can be reported as
> noncompliant (to repeat myself).

As if to prove my point....

I got word today from a fellow subscriber to the free-sklyarov list that
a large portion of my (signed) messages were arriving with invalid
signatures at his site.  As my own receipt of same messages contained
valid signatures, it's pretty clear that there's content munging
occuring at some point in transport between the list and his MUA.

As previously stated, once the offending link has been identified, it
can be reported as buggy and/or noncompliant (to repeat myself yet
again).

Inquiring minds want to know how the sneakums comprehension bit is set
today.

-- 
Karsten M. Self <kmself@ix.netcom.com>          http://kmself.home.netcom.com/
 What part of "Gestalt" don't you understand?             There is no K5 cabal
  http://gestalt-system.sourceforge.net/               http://www.kuro5hin.org
   Free Dmitry! Boycott Adobe! Repeal the DMCA!    http://www.freesklyarov.org
Geek for Hire                        http://kmself.home.netcom.com/resume.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://allium.zgp.org/pipermail/linux-elitists/attachments/20010910/9e9eb340/attachment.pgp 


More information about the linux-elitists mailing list