[Cryptography] Attacks on PGP (and allegedly S/MIME)

Phillip Hallam-Baker phill at hallambaker.com
Thu May 17 08:33:31 EDT 2018


On Thu, May 17, 2018 at 4:52 AM, Stephen Farrell <stephen.farrell at cs.tcd.ie>
wrote:

>
> Hiya,
>
> On 05/17/2018 06:44 AM, Peter Gutmann wrote:
> > Just to confound things even further, the "encrypt everything"
> > approach makes this even worse.  If you've only got sensitive,
> > valuable email traffic encrypted then you can afford to be careful
> > with it, refuse to auto-render HTML, follow links, and so on.
> > However, if every piece of HTML-encrusted gunk that turns up is also
> > encrypted, you can no longer tell whether it's something you want to
> > isolate or not, and if you do isolate everything users will switch to
> > a different mailer that "works", in the sense that it displays the
> > HTML-encrusted gunk as intended.
>
> I have two reasons to disagree with the above.
>
> 1) I don't believe anyone can realistically process things they
> need to be careful with differently unless they're forced to do
> that (e.g. via regulation, or some technical feature of the thing
> being dealt-with). I reckon everyone's drowning in so much mail
> that that's not really feasible as "important, must encrypt" is
> highly unlikely to be something a user would realise for a mail
> just before sending.
>
> 2) I do get a lot of mail, don't render HTML etc. and can work
> just fine. That's a teeny pain every now and then when I have to
> save and use munpack, but that's <1/month I figure. I'm very
> sure I ignore a lot of HTML-only encoded attachment crap, but
> I don't seem to feel any sadness resulting:-)
>
> So I guess we disagree - in my experience "what's important" isn't
> easy to treat specially but "what's broken that needs handling" is
> more tractable. If I'm right then encrypting doesn't make this
> situation worse for the reasons stated. (Encrypting by default,
> more does clearly increase the risk related to other aspects of
> these bugs.)
>


I am even stronger than Stephen on this. Basically, if your security
product requires the user to think AT ALL then it is utterly useless. Users
have real work that they are thinking about and if you are distracting
them, you are going to be ignored.

Very often, I am asked to do security related tasks that require ME to
exert effort to protect an asset belonging to someone else who is not
paying ME to protect it. So I have absolutely no qualms about putting 0%
effort into making sure it is secure.

As was pointed out by Jim Schadd in another place, the HTML email RFC
requires that each HTML text be in a separate document. It was never legit
to split HTML over MIME boundaries. I know of no situation in which a MUA
is likely to generate such an email; the only sender likely to ever do that
is an attacker.
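A receiving-side check for the point made above, added here as an example and not code from the original mail or from any MUA: parse a message with Python's standard-library `email` module and flag any text/html part that begins or ends in the middle of a tag, something a legitimate sender has no reason to produce. The two sample messages and the mid-tag heuristic are constructed for this illustration.

```python
import email
from email import policy

# Constructed sample (not from the mail above): a multipart message whose first
# text/html part stops inside an open tag and whose last text/html part starts
# with the rest of that tag, i.e. one HTML document split across MIME
# boundaries. A normal MUA emits each HTML document whole in a single part.
SPLIT_HTML_MSG = b"""\
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset=us-ascii

<html><body><p class="
--b1
Content-Type: application/octet-stream

(constructed opaque middle part)
--b1
Content-Type: text/html; charset=us-ascii

">text</p></body></html>
--b1--
"""

# Constructed well-formed message: one self-contained HTML part.
CLEAN_MSG = b"MIME-Version: 1.0\nContent-Type: text/html\n\n<html><body><p>ok</p></body></html>\n"

def html_part_spans_boundary(html: str) -> bool:
    """Heuristic: True if an HTML fragment begins or ends mid-tag. A literal
    '>' in HTML text should be escaped as &gt;, so a bare '>' before any '<'
    means the part began inside a tag; a '<' after the last '>' means a tag
    was opened but never closed before the part ended."""
    s = html.strip()
    first_lt, first_gt = s.find("<"), s.find(">")
    starts_open = first_gt != -1 and (first_lt == -1 or first_gt < first_lt)
    ends_open = s.rfind("<") > s.rfind(">")
    return starts_open or ends_open

def find_split_html_parts(raw: bytes) -> list[int]:
    """Return msg.walk() indices of text/html parts that look boundary-spanning."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [i for i, part in enumerate(msg.walk())
            if part.get_content_type() == "text/html"
            and html_part_spans_boundary(part.get_content())]
```

A MUA applying this would refuse to render (or would render as plain text) any message for which the list is non-empty, rather than stitching the fragments together.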