Pros and cons of PGP/MIME for outgoing e-mail?

Werner Koch wk at gnupg.org
Tue Nov 25 21:38:43 CET 2014


On Tue, 25 Nov 2014 09:42, bernhard at intevation.de said:

> Oh, what about the idea to just ship a MIME parser with GnuPG. >;)

tools/gpgparsemail is such a thing.  It translates a MIME structure in
something easier to process with standard Unix utilities.  Mainly a
debugging tool but the code served well as the basic for the MIME parser
in GpgOL.

> with an option that the user can fall back to a zipped and encrypted 
> (gpg-zip/gpg-tar compatible format) attachment,  

FWIW, this is the same.  PGP named their tool pgpzip but it actually
creates a tarball.  gpgtar does the same and has mainly be written due
to the problems of porting a shell script making use of tar (gpg-zip) to
Windows.

> disassemble them to put the together again when they are needed. In this 
> process they strip whitespaces, headerlines and reformat linebreaks.
> So there is a designed loss of information in the library. 

Using Evolution as an example has never been a good idea. [1]

> To me that is a design issue of the library. And I believe most other MIME 
> libraries will not share it.

Beware of the camels ;-)

> which are to be assumed identical, you may introduce an attack surface 
> because some clients may display the contents slight differently. A clever 
> attacker may exploit this to play tricks on the user.

Recall the attacks which used to be mounted on text based MUAs:
Including of faked verification message at the top of the message.  This
required the MUAs to display the current wall time right above the
message so that the user had a chance to detect faked signed messages.
MIME is a well thought out system to markup mails; it should always be
used.

> envelope subject). In total I would say that having an envelope subject is 
> good anyway and that most email clients would continue to display it, because
> it could contain important information still.

We need it for public mailing lists anyway.  But it is a non-issue, a
MUA could simply replace the subject by something innocent.  But does
anyone really believe this would help to increase the number of
encrypted mails?

> I'd say you are slightly unlucky with pythons "email" library.

Replace that by a custom one - writing a MIME parser is easy.  1200
lines C and for sure much less in a high level language.


Shalom-Salam,

   Werner


[1] It used to do to signatures what this record intro did to English 40
    years ago:

  Hhmm, ah, hello my dear friends. Here I am again with my music. Well,
  it's very nice that I can speak to you now from this very fine
  record. And I am freuing me, that you are freuing you to hear my voice
  again. Isn't it nice? Yes it is.  Well, I want you to listen to my
  very new song, wich I have brought along from a trip through
  Africa. And I hope, you like it. Do you like it? Yes, you do.  And
  also here are ebenfalls some of my very best friends, which will sing
  along together with me. Come on boys, let's sing that the camels are
  breaking together.

-- 
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.




More information about the Gnupg-users mailing list