[Gpg4win-devel] GpgOL MIME and protected headers

Andre Heinecke aheinecke at gnupg.org
Fri Mar 19 12:21:21 CET 2021


Hi,

On Friday 19 March 2021 11:53:26 CET Bernhard Reiter wrote:
> * Implement reading of one wrapped message as by the draft.
> 
>   This makes most sense to me: It is most backwards compatible
>   and the leading variant in the current draft. (And there should be only
>   one way to implement it). 
> 
>   You probably are going to need it for S/MIME and OpenPGP/MIME  
>   sooner or later.
> 
>   The security implications (that we had considered a long while back)
>   can be handled if it is only one wrapped message that is supported for
>   now.

We have this already and I worked on it a bit more in the development version. 
I'm not a hundred percent sure what you mean by wrapped messages. In general 
my aim was to support all the test mails from the autocrypt repo
( https://github.com/autocrypt/protected-headers )

And also the new Enigmail code which uses an extra text part for the headers. 

> * If such an email is detected, you could, if possible mark the
>   subject and other headers somehow, so people can see the
>   unprotected headers, but know there are potentially second
>   values. We have to deal with all the upcoming usability problems
>   later. But this is a minimal version that helps trained people and
>   does not lose information (like the current Thunderbird implementation
>   does.)

What we do is that we display the headers as we parsed them from a 
protected-headers structure while the mail is also decrypted and then hide them again. 
We cannot store the Subject in a way that would work with Outlook's threading 
without potentially storing the Subject also on the server. So in the message 
list it will only show ...

I don't see a real value in indicating that other headers except the subject 
were signed. Like "To: and CC:" we parse it because we need it for the BCC 
handling but we don't have any indicator to display if they were signed / 
encrypted or not. This would technically be very difficult to show in a way that 
cannot be falsified and trainable. I also don't really see the value.

> * If writing is implemented it should be disabled by default and could be
>   enabled if it is well known that recipients can handle it, like
>   a direct reply to an email in the same format.

Yes. Currently we have the problem that if you reply to a mail with an 
encrypted subject the subject will not be encrypted. Something I'm planning to 
do with https://dev.gnupg.org/T4858
 
> * A reply MUST consider protected to: and cc: headers instead of
>   the outer ones.

Yeah, but we cannot hide them from the server's database as we don't directly 
use SMTP and so have to store the To and CC on the outer mail. But then this 
is always impossible because a malicious server could also log the SMTP 
recipients.
 
> * (unsure) Any reply of an encrypted email should not quote by default
>   is something I consider as recommendation.

I do not think this makes sense and would not like to implement that. We have 
the EFail protection and that is good enough in my opinion.

> With further reading my suggestions may change, but I wanted to give you
> my current ideas and some reasoning. (Shall I place it somewhere, 
> dev.gnug.org? Tracker?)

https://dev.gnupg.org/T4858 might be a good place to at least watch to see how 
the implementation goes.

> Next I will see if I can find out why something else than the "wrapped"
> method 
> was proposed.

I think the different methods were proposed because different mailers without 
protected-headers support showed the mime parts differently. 

Currently I'm using an extra MIME as this is the easiest way to do message 
composition and is AFAIK also what Enigmail currently does.

https://dev.gnupg.org/source/gpgol/browse/master/src/mail.cpp$5067

But this is still a work in progress which I hope to have fully tuned for 
GpgOL 2.5.0. I mostly need this to properly split up mails to send some 
recipients S/MIME Mails and other recipients OpenPGP Mails. Using protected 
headers allows me then to keep the recipient information in both mails correct 
in the protected headers part even though I send out mails over Exchange with 
the modified recipients.


Best Regards,
Andre

-- 
GnuPG.com - a brand of g10 Code, the GnuPG experts.

g10 Code GmbH, Erkrath/Germany, AG Wuppertal HRB14459
GF Werner Koch, USt-Id DE215605608, www.g10code.com.

GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf.  VR 11482 Düsseldorf
Vorstand: W.Koch, B.Reiter, A.Heinecke        Mail: board at gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779.   Tel: +49-211-28010702
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 273 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20210319/a776ff7a/attachment.sig>
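
The reply rule discussed in the thread (take To and Cc from the protected headers, not the outer ones), as an added Python sketch that is not GpgOL code. It assumes the payload is already decrypted and that its root part carries the `protected-headers="v1"` Content-Type parameter from the protected-headers draft; the sample messages and all function names are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import getaddresses

# Constructed sample: the outer headers as the server stores them.
OUTER = (
    "From: alice@example.org\n"
    "To: bob@example.org\n"
    "Subject: ...\n\n"
)
# Constructed sample: the root part of the payload after decryption.
PAYLOAD = (
    'Content-Type: text/plain; charset="utf-8"; protected-headers="v1"\n'
    "From: alice@example.org\n"
    "To: bob@example.org, carol@example.org\n"
    "Cc: dave@example.org\n"
    "Subject: Quarterly numbers\n\n"
    "Numbers attached.\n"
)
FIELDS = ("From", "Reply-To", "To", "Cc", "Subject")  # fields this example reads

def parse(text):
    return message_from_string(text, policy=policy.default)

def protected_headers(payload):
    """Headers of the payload root part, only if it is marked protected-headers="v1"."""
    if payload.get_param("protected-headers") != "v1":
        return {}
    return {n: str(payload[n]) for n in FIELDS if payload[n] is not None}

def header_differences(outer, protected):
    """Protected fields whose outer value is different or missing."""
    return [n for n, v in protected.items() if str(outer.get(n, "")) != v]

def addrs(value):
    return [a.lower() for _, a in getaddresses([value]) if a]

def reply_all_recipients(outer, payload, me):
    """Reply-all list taken from the protected headers when present."""
    prot = protected_headers(payload)
    # Assumption of this example: once a payload is marked, outer values are ignored.
    src = prot if prot else {n: str(outer[n]) for n in FIELDS if outer[n] is not None}
    first = addrs(src.get("Reply-To", "")) or addrs(src.get("From", ""))
    rest = addrs(src.get("To", "")) + addrs(src.get("Cc", ""))
    out = []
    for a in first + rest:
        if a != me.lower() and a not in out:
            out.append(a)
    return out

if __name__ == "__main__":
    outer, payload = parse(OUTER), parse(PAYLOAD)
    print(header_differences(outer, protected_headers(payload)))
    print(reply_all_recipients(outer, payload, "bob@example.org"))
```

With the outer recipients modified, as in the split S/MIME and OpenPGP case described above, a reply built from the outer headers would drop carol and dave.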
