Signed messages to mailinglists come up as insecure
Closed, Resolved (Public)

Description

This is an issue with GpgOL.

When PGP signed messages are sent to mailinglists, there are bounce mechanisms that cause the from: address to be rewritten.

e.g. a message from info@example.org to puppets@lists.example.com will look like this:

puppets-bounces@lists.example.com on behalf of Info <info@example.org>

Even if the message is PGP signed with a valid key for info@example.org, GpgOL will say that it is insecure (white question mark on purple background), and list the following:
'The sender address is not trustworthy because:
The used key does not claim the address:
"puppets-bounces@lists.example.com"

click here for details about the key'

Clicking on it shows the key for info@example.org.

The mailinglist software in this case is mailman.

Naming as per https://dmarc.org/2016/07/how-many-from-addresses-are-there/

The RFC5322.From is set to Info <info@example.org>
The RFC5321.MailFrom is set to <puppets-bounces@lists.example.com>

It seems like GpgOL only checks RFC5321.MailFrom in this case.

Can we have it check against RFC5322.From as well?

The other option (the way I see it, you guys may view it differently) is that it at least clearly states which key it is valid for. Of course there might be issues with emails sent from lookalike addresses; however, that is an issue that is present no matter what (and strictly not what PGP is made to circumvent, I would believe).

kjellchr created this task. Aug 27 2018, 9:26 AM
aheinecke triaged this task as Normal priority. Aug 28 2018, 2:07 PM
aheinecke added a subscriber: aheinecke.

Thanks for the input. GpgOL should check against what outlook shows as the "From" Address. In your case: What does Outlook show? Is it "info@example.org" or "puppets-bounces" ?

The information we want to convey with "Trusted Sender Address" and the green bar is that a user can be sure that the mail was actually sent by the "From" address and not modified.

If we would check against something else then what outlook shows the user an attacker could fake some validity information.

T4026 is a bit related. I'm surprised that the signature check for mailman mails works at all for you ;-)

Hi Andre!

In outlook what is shown to the user is 'puppets-bounces@lists.example.com on behalf of Info <info@example.org>' (as mentioned in the original ticket).

And yes, the reasoning does make sense (so that an attacker can't just SMTP spoof a legit sender, sign the message with his own key, which is completely different, and make it appear like it's a valid PGP signed email sent from said legit sender).

However - what you really want to check is that the 'From' and the signature match up. And armed with the knowledge that what Outlook displays in the 'From' field, and what is present in the RFC5322.From field might be different (but as far as I know it will always say 'on behalf of <RFC5322.From>'), then it should (I would think) be acceptable to also allow it to match on the RFC5322.From. The other option is that you essentially effectively break PGP signing on messages sent to a mailinglist (that is what is happening today).

To the best of my knowledge there should never be a situation where what is present in the RFC5322.From header is not present in what outlook displays as the sender.

One other possible (but obviously very bad) solution would be to scan the display name for valid mail addresses, but this can easily go wrong, e.g. if the display name says "info@example.org <info@evil.org>" or similar stuff.

Can you come up with a scenario where an attacker could fake validity info when checking against the RFC5322.From header as opposed to the first address outlook presents (puppets-bounces)?
Not trying to be a douchebag, just genuinely curious as I have thought rather hard on this without being able to think of any.

Normally outlook will show what is in the RFC5322.From field in the 'outlook from' field - I am not entirely sure why it doesn't for mailinglists (if they did, then this wouldn't be an issue). Tried googling why it tacks on the 'mailinglist-bounces@ on behalf of <RFC5322.From>' but sadly did not have much success.

T4026 is somewhat related and also not at all (or at least a completely different problem). The signature in my case is done inline, so there is no additional signature file, but rather like this:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: xxx
<text>
-----BEGIN PGP SIGNATURE-----
Version: yyy
<signature>
-----END PGP SIGNATURE-----
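As an added example, not GpgOL's code and not part of this ticket, the following Python script makes the distinction drawn in the description and in the comment above concrete: it parses a constructed Mailman-relayed message, extracts the recorded RFC5321.MailFrom (Return-Path, falling back to Sender) and the RFC5322.From addr-spec, and compares each with the addresses claimed by the signing key's user IDs. It also shows why the rejected option of scanning the display name for addresses is unsafe, using the "info@example.org <info@evil.org>" case from the comment. The sample message, the key user IDs and all function names are constructed assumptions; the OpenPGP signature itself is assumed to have been verified by a separate layer.

```python
"""Which address must the signing key claim?  Constructed example, not GpgOL code."""
import email
from email.utils import parseaddr

# Constructed sample of a message relayed by Mailman: the envelope sender
# (RFC5321.MailFrom) is recorded by the receiving MTA in Return-Path and
# echoed in Sender; the author (RFC5322.From) is left untouched.
MAILMAN_MESSAGE = b"""Return-Path: <puppets-bounces@lists.example.com>
Sender: puppets-bounces@lists.example.com
From: Info <info@example.org>
To: puppets@lists.example.com
Subject: signed announcement
Content-Type: text/plain; charset=utf-8

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello list.
-----BEGIN PGP SIGNATURE-----

(signature bytes omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""

# Constructed: the same message with a lookalike display name.  Only the
# addr-spec in angle brackets is the real address; the display name is
# free text that may itself look like an address.
LOOKALIKE_MESSAGE = MAILMAN_MESSAGE.replace(
    b"From: Info <info@example.org>",
    b'From: "info@example.org" <info@evil.org>')

# Constructed user IDs of the key that made the signature.  The OpenPGP
# layer is assumed to have verified the signature already; the question
# here is only whether the key claims the address the reader sees.
KEY_UIDS = ["Info <info@example.org>"]


def uid_addresses(uids):
    """Addresses claimed by a key's user IDs, lower-cased."""
    return {parseaddr(uid)[1].lower() for uid in uids} - {""}


def envelope_sender(msg):
    """RFC5321.MailFrom as recorded in Return-Path (falling back to Sender)."""
    return parseaddr(msg.get("Return-Path") or msg.get("Sender") or "")[1].lower()


def author_address(msg):
    """RFC5322.From addr-spec: the author the signature is meant to vouch for."""
    return parseaddr(msg.get("From", ""))[1].lower()


def display_name_lookalike(msg):
    """True when the From display name contains an address that differs
    from the real addr-spec, e.g. "info@example.org" <info@evil.org>."""
    name, addr = parseaddr(msg.get("From", ""))
    return "@" in name and name.strip().lower() != addr.lower()


def address_trusted(msg, uids, check_author=True):
    """Return (trusted, reason).

    check_author=False reproduces the behaviour reported in the ticket:
    only the bounce address is compared with the key.  check_author=True
    also accepts the mail when the key claims the RFC5322.From address.
    """
    claimed = uid_addresses(uids)
    candidates = [envelope_sender(msg)]
    if check_author:
        candidates.append(author_address(msg))
    for addr in candidates:
        if addr in claimed:
            return True, "key claims " + addr
    return False, "key does not claim any of " + ", ".join(candidates)


def analyse(raw, uids, check_author=True):
    """Parse a raw message and report the trust decision and both addresses."""
    msg = email.message_from_bytes(raw)
    trusted, reason = address_trusted(msg, uids, check_author)
    return {
        "trusted": trusted,
        "reason": reason,
        "envelope": envelope_sender(msg),
        "author": author_address(msg),
        "lookalike": display_name_lookalike(msg),
    }


if __name__ == "__main__":
    for label, raw in (("mailman", MAILMAN_MESSAGE), ("lookalike", LOOKALIKE_MESSAGE)):
        for check_author in (False, True):
            print(label, "check_author=%s" % check_author, analyse(raw, KEY_UIDS, check_author))
```

Run stand-alone, the script reports the Mailman message as untrusted when only the bounce address is compared and as trusted once the RFC5322.From address is also checked, while the lookalike message stays untrusted in both modes because the key does not claim info@evil.org and the address-like display name is flagged rather than matched. The point of the design is that only the addr-spec of From is compared; the display name is never treated as an address.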

Ok! If outlook shows it we should verify it.

Could you attach such a mail as .mbox or even as an outlook .msg ? That would help me a bit as I would not have to come up with a testcase myself.

Actually, I can add you to a test mailinglist and send you a signed message tomorrow, would that work?

Pulled your address from the PGP key 0x94A5C9A03C2FE5CA3B095D8E1FDF723CF462B6B1.

Yes that would work for me and the pgp key is the right one. Thanks!

Sent two messages to the test mailinglist. Please let me know if you need / want more.

Thanks. I can work with that. It is indeed clearly visible what the "Sent on behalf of" address is. So it makes sense to check that, too.

Excellent - will this be included in gpg4win 3.1.3?

Sweet, thank you! Any estimate on when that might come out?

We are actually in the final release preparation and just waiting for GnuPG 2.2.10. If everything goes well it will be released this week. If not, next week.

https://www.gpg4win.org/version3.1.3.html < beta28 has the fix. If nothing untoward happens this will be the final version to be released tomorrow.

aheinecke changed the task status from Open to Testing. Aug 30 2018, 4:24 PM
aheinecke closed this task as Resolved. Sep 4 2018, 9:21 AM
aheinecke claimed this task.

Gpg4win-3.1.3 was released.