[Bug 1551075] [NEW] Content filtering breaks some PGP Mime signed messages.
Mark Sapiro
mark at msapiro.net
Mon Feb 29 00:01:53 EST 2016
Public bug reported:

In some cases it is inevitable that Mailman's content filtering will
break a PGP MIME signature. I.e., if content filtering removes signed
content, the signature will be broken.

For example, assume an original message is multipart/alternative and it
is then wrapped in a multipart/signed outer message along with a
signature part. If content filtering collapses alternatives, the
signature will be broken. Likewise, if the original has an attached
image/png part or any MIME type part which content filtering removes,
the signature will be broken.

These are inevitable results of content filtering, and content filtering
should override signature preservation or people could avoid having
their content filtered just by signing their posts.

There is however a situation that has developed where signature breaking
can be avoided. The latest (at the time of writing) versions of enigmail
will sign a message in the following way. Assume the original unsigned
message is just text/plain. It could be more complex, but the following
still holds.

The text/plain (or whatever) message is first recast as multipart mixed
like:

Content-Type: multipart/mixed; boundary="bbbbbb"
From: (Original from)
To: (Original to)
Message-ID: (original message-id)
Subject: (original subject)

--bbbbbb
Content-Type: (original message's content-type)
Content-Transfer-Encoding: (original message's content-transfer-encoding)

(remainder of original message)
--bbbbbb--

Then the signed message is created with structure

multipart/signed
    multipart/mixed
        text/plain (or whatever the original was)
            (original message)
    application/pgp-signature
        (signature of the multipart/mixed part)

The problem is Mailman has logic to detect multipart parts with only one
sub-part and collapse them to just the sub-part, so in this case, even
though content filtering doesn't remove anything, it still collapses the
above to

multipart/signed
    text/plain (or whatever the original was)
        (original message)
    application/pgp-signature
        (signature of the multipart/mixed part)

and the signature is no longer valid. This can be fixed by
short-circuiting the "collapse multipart parts with only one sub-part"
logic when encountering a multipart/signed part and not collapsing
anything below it.

** Affects: mailman
Importance: Medium
Assignee: Mark Sapiro (msapiro)
Status: In Progress
--
You received this bug notification because you are a member of Mailman
Coders, which is subscribed to GNU Mailman.
https://bugs.launchpad.net/bugs/1551075
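
A simplified model of the collapse behaviour and the proposed short-circuit, as an added example (not Mailman's code and not part of the original report). The function names and the sample message are constructed for illustration; the signature body is a placeholder.

```python
from email import message_from_string

# Constructed sample in the shape the report describes (placeholder signature).
SAMPLE = """\
From: poster@example.com
To: list@example.com
Subject: test
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="ssssss"

--ssssss
Content-Type: multipart/mixed; boundary="bbbbbb"

--bbbbbb
Content-Type: text/plain; charset=utf-8

Hello list.
--bbbbbb--

--ssssss
Content-Type: application/pgp-signature; name="signature.asc"

(constructed placeholder, not a real signature)
--ssssss--
"""

def collapse_single_subparts(msg, preserve_signed):
    """Replace each nested multipart that has exactly one sub-part by that sub-part."""
    if not msg.is_multipart():
        return
    if preserve_signed and msg.get_content_type() == 'multipart/signed':
        return  # short-circuit: collapse nothing below a signed part
    parts = msg.get_payload()  # the message's own list, edited in place
    for i, part in enumerate(parts):
        collapse_single_subparts(part, preserve_signed)
        while part.is_multipart() and len(part.get_payload()) == 1:
            part = part.get_payload(0)
        parts[i] = part

def signed_part_after(preserve_signed):
    """Return (content type, bytes unchanged?) for the part the signature covers."""
    original = message_from_string(SAMPLE).get_payload(0).as_bytes()
    msg = message_from_string(SAMPLE)
    collapse_single_subparts(msg, preserve_signed)
    part = msg.get_payload(0)
    return part.get_content_type(), part.as_bytes() == original
```

With `preserve_signed=False` the first sub-part of multipart/signed becomes the bare text/plain part, so the bytes the signature was computed over no longer exist in the message; with `preserve_signed=True` the multipart/mixed wrapper is left intact.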