Making the case for smart cards for the average user
Ben McGinnes
ben at adversary.org
Tue Apr 7 17:26:50 CEST 2015
On 8/04/2015 12:04 am, MFPA wrote:
> On Tuesday 7 April 2015 at 2:14:55 PM, in
> <mid:87y4m43ws0.fsf at alice.fifthhorseman.net>, Daniel Kahn Gillmor
> wrote:
>
>> We know how to structure a proper name-addr and an addr-spec, and
>> it's not difficult. If you want an e-mail address to be
>> recognizable to automated tools, you should structure it in a
>> recognizable way.
>
>> The above UID is simply a mistake, and i don't think
>> GnuPG should try to accomodate it.
>
> Fair enough. That we should try to accommodate:-
>
> user at example.com
>
> but not:-
>
> Test20150407 user at example.com
>
> actually makes sense to me. I structured my example UID incorrectly.
Yeah, this is fair because the first one is accepted by SMTP in the
mail from and rcpt to commands, but the second one wouldn't.
bash4-4.3$ telnet seditious 25
Trying 172.17.23.9...
Connected to seditious.adversary.org.
Escape character is '^]'.
220 seditious.adversary.org ESMTP Postfix
helo me
250 seditious.adversary.org
mail from: president at whitehouse.gov
250 2.1.0 Ok
rcpt to: ben at adversary.org
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: Bazza <president at whitehouse.gov>
To: Benny <ben at adversary.org>
Subject: The Jets
Yo dude, we need those jets!
.
250 2.0.0 Ok: queued as E654111C0515
quit
221 2.0.0 Bye
Connection closed by foreign host.
Compare that to this:
Trying 172.17.23.9...
Connected to seditious.adversary.org.
Escape character is '^]'.
220 seditious.adversary.org ESMTP Postfix
helo foo
250 seditious.adversary.org
mail from: Bazza president at whitehouse.gov
555 5.5.4 Unsupported option: president at whitehouse.gov
quit
221 2.0.0 Bye
Connection closed by foreign host.
The MUA uses the brackets to work out which bits to use in those two
commands. Once the data command has been delivered you can put in
whatever you like (hence mail spoofing and spam), but before the data
command is delivered the format is explicit.
That said, if just the brackets are included it will still behave, in
case the MUA extracts them from the From and To fields along with the
address:
Connected to seditious.adversary.org.
Escape character is '^]'.
220 seditious.adversary.org ESMTP Postfix
helo snafu
250 seditious.adversary.org
mail from: <president at whitehouse.gov>
250 2.1.0 Ok
rcpt to: <ben at adversary.org>
250 2.1.5 Ok
data
354 End data with <CR><LF>.<CR><LF>
From: Bazza <president at whitehouse.gov>
To: Benny <ben at adversary.org>
Subject: Re: The Jets
What do you mean you don't believe it was me without a GPG signature?
My National Security Advisor said that was bad and the NSA had to tell
me what to do.
.
250 2.0.0 Ok: queued as 3057A11C0515
quit
221 2.0.0 Bye
Connection closed by foreign host.
Regards,
Ben
P.S. The Jets are gone. ;)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 630 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20150408/707daf82/attachment.sig>
More information about the Gnupg-users
mailing list