[Bug 1551075] [NEW] Content filtering breaks some PGP Mime signed messages.

Mark Sapiro mark at msapiro.net
Mon Feb 29 00:01:53 EST 2016


Public bug reported:

In some cases it is inevitable that Mailman's content filtering will
break a PGP MIME signature. I.e., if content filtering removes signed
content, the signature will be broken.

For example, assume an original message is multipart/alternative and it
is then wrapped in a multipart/signed outer message along with a
signature part. If content filtering collapses alternatives, the
signature will be broken. Likewise, if the original has an attached
image/png part or any MIME type part which content filtering removes,
the signature will be broken.

These are inevitable results of content filtering, and content filtering
should override signature preservation or people could avoid having
their content filtered just by signing their posts.

There is, however, a situation that has developed where signature breaking
can be avoided. The latest (at the time of writing) versions of Enigmail
will sign a message in the following way. Assume the original unsigned
message is just text/plain. It could be more complex, but the following
still holds.

The text/plain (or whatever) message is first recast as multipart/mixed
like:

Content-Type: multipart/mixed; boundary="bbbbbb"
From: (Original from)
To: (Original to)
Message-ID: (original message-id)
Subject: (original subject)

--bbbbbb
Content-Type: (original message's content-type)
Content-Transfer-Encoding: (original message's content-transfer-encoding)

(remainder of original message)

--bbbbbb--

Then the signed message is created with structure

multipart/signed
    multipart/mixed
        text/plain (or whatever the original was)
            (original message)
    application/pgp-signature
        (signature of the multipart/mixed part)

The problem is Mailman has logic to detect multipart parts with only one
sub-part and collapse them to just the sub-part, so in this case, even
though content filtering doesn't remove anything, it still collapses the
above to

multipart/signed
    text/plain (or whatever the original was)
        (original message)
    application/pgp-signature
        (signature of the multipart/mixed part)

and the signature is no longer valid. This can be fixed by short-
circuiting the "collapse multipart parts with only one sub-part" logic
when encountering a multipart/signed part and not collapsing anything
below it.

** Affects: mailman
     Importance: Medium
     Assignee: Mark Sapiro (msapiro)
         Status: In Progress

-- 
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1551075
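
The collapse behaviour and the proposed short-circuit, as an added example
that is not part of the original report and is not Mailman's own code. The
names collapse, filtered, signed_data and the sample message are
hypothetical; the signature body is a placeholder.

```python
from email import message_from_string

# Constructed sample with the Enigmail-style structure from the report.
SAMPLE = """\
Subject: test
Content-Type: multipart/signed; protocol="application/pgp-signature";
 boundary="ssssss"

--ssssss
Content-Type: multipart/mixed; boundary="bbbbbb"

--bbbbbb
Content-Type: text/plain

Hello list.

--bbbbbb--

--ssssss
Content-Type: application/pgp-signature

(placeholder, not a real signature)
--ssssss--
"""

def collapse(msg, protect_signed):
    """Replace each multipart sub-part that has one child with that child."""
    if not msg.is_multipart():
        return
    if protect_signed and msg.get_content_type() == 'multipart/signed':
        return  # short-circuit: collapse nothing below a signed part
    newparts = []
    for part in msg.get_payload():
        collapse(part, protect_signed)
        if part.is_multipart() and len(part.get_payload()) == 1:
            part = part.get_payload(0)
        newparts.append(part)
    msg.set_payload(newparts)

def filtered(protect_signed):
    msg = message_from_string(SAMPLE)
    collapse(msg, protect_signed)
    return msg

def signed_data(msg):
    # PGP/MIME signs the first sub-part of multipart/signed, headers included.
    return msg.get_payload(0).as_bytes()

ORIGINAL = signed_data(message_from_string(SAMPLE))
```

With protect_signed=False the signed sub-part becomes text/plain and its
bytes no longer match ORIGINAL; with protect_signed=True they are unchanged.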
