Page MenuHome GnuPG
Create Task
Maniphest T4118

GpgOL: Mitigate S/MIME Denial of Service due to CRL stalling
Open, WishlistPublic
Actions

Description

Some X509 Certificate authorities (see T3907), mostly cacert, provide their CRLs so slow that for the user it looks like GpgOL is broken.

E.g. a first verification of an S/MIME mail can take up to 30 minutes by default. During the verification GpgOL does not show the contents of the mail. So it can take up to 30 minutes for a user until she can read a signed S/MIME mail. This amounts to a denial of service.

An idea could be to blacklist CA's that are so slow with their CRL's. My idea would be to skip the verification if it takes more then 5 seconds. Keep it running in the background but do just another verify in offline mode. The second verify would only be used as an integrity check. So for that second verify do not treat the result as a valid signature (no green bar, no trusted sender address) and show in the details "is not valid because the CRL was not known" the next time the mail is viewed it will hopefully have the CRL cached and then it will be quick.

Details

Version
master

Related Objects

Event Timeline

aheinecke created this task.Aug 31 2018, 10:05 AM
aheinecke added a subtask: T4125: Gpg4win 3.1.4.Sep 4 2018, 9:29 AM
aheinecke removed a subtask: T4125: Gpg4win 3.1.4.Oct 16 2018, 1:27 PM
aheinecke added a comment.Dec 14 2018, 10:52 AM

I wonder if the best thing here might be another flag in the trustlist to disable CRL/OCSP checks for a single root certificate chain. I had such a request in the Gpg4win forums. Someone had a single unreacable CRL / OCSP and had to disable globally all checks for all other certs, too.

werner added a subscriber: werner.Dec 14 2018, 1:26 PM

Interesting idea but it does not help against attacks because all root CA are considered equal (virtually cross-signed). Thus a single not checked root CA allows to subvert all certificates.

aheinecke added a comment.Dec 14 2018, 1:28 PM

No I do not think so. Because that would already be currently the case. If you had a subverted Root CA of course you can attack. But we are only talking about CRL / OCSP here. A root CA that does not provide a CRL for certificate X is OK. As long as the Root CA that issued X issues a CRL for that. Well the usual CRL / OCSP denial of service is still possible but I don't see any subversion.

aheinecke mentioned this in T4292: gpgsm: Problems with OCSP validation / No CRL known for OCSP Cert id-pkix-ocsp-nocheck?.Dec 17 2018, 8:44 AM
aheinecke mentioned this in T4378: Outlook hanging opening mails with S/MIME signature.Feb 27 2019, 12:56 PM
aheinecke merged a task: T4378: Outlook hanging opening mails with S/MIME signature.
aheinecke added a subscriber: matt256272.
aheinecke added a subtask: T4523: Gpg4win: Multiple problems reported 05-2019.May 20 2019, 2:20 PM
werner removed a subtask: T4523: Gpg4win: Multiple problems reported 05-2019.May 24 2019, 9:06 AM
aheinecke closed this task as Resolved.Dec 2 2020, 2:03 PM

This is resolved with the preview feature in GpgOL-2.4.6 Gpg4win-3.1.12

aheinecke reopened this task as Open.Dec 2 2020, 2:04 PM

Ah no, this is about the sending part, where we only encrypt to online validated keys, that is not mitigated at all. Disregard my last comment.