Re: PGP/MIME and S/MIME mail clients vulnerabilities

[Yves-Alexis Perez <corsac () debian org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Tue, 2018-05-15 at 17:40 +1000, Brian May wrote:
> Have a look at some official statements on this:
>
> * https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html
> * https://protonmail.com/blog/pgp-vulnerability-efail/
>
> For the case of PGP it sounds like the only problems occur when mail
> clients ignore the GPG hints.

Thanks for the links (I had already included the information in my summary
though).
> For S/MIME, it does sound like the standard is broken and needs fixing.

That was my understanding as well, thus the mitigations.
> If I understand this correctly, the "Direct Exfiltration" is an attack
> that doesn't require modifying the encrypted data - so presumably the
> MDC in PGP won't help. 

Yes indeed.

> To me this sounds like a email client problem
> (allowing mixing encrypted and encrypted data in the one HTML document
> seems like a very bad idea), but the https://efail.de/ page says the
> standards need to be updated to fix this.

Maybe the fixing the standard will help, but indeed the client can already
sanitize the various chunks of message and not render them as part of one HTML
document. As far as I can tell only Thunderbird was vulnerable to this (in
open-source software), but I can't find a CVE number or a public bug for this.

Regards,
- -- 
Yves-Alexis
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE8vi34Qgfo83x35gF3rYcyPpXRFsFAlr6mNYACgkQ3rYcyPpX
RFtn4ggAtq1Ex6jbj0XbMxQt2j9l4/p1OFSoemqJEEXse2E6cgB/UMd4LPBpzeW0
kS1I6glL4j3ODpUrcBKFkWTqUMXwYATayzBGX08HWti5vj+CRtqd+QtpMziymhiC
UzB77gsDi3IBssANPDVrW1YmF/pN5FUvrmBx6F+yEXOd0dQkKwQrbnvgQVskVGBP
TisoHpMDvEAZGToNlHh/HokonliCnnN7vQRp4ZiardcWsFY5oBnmHcvZKYaW1R9G
PG65KWRDSxiU9hB6UGoZNAgM8vlBjZzEk6kgSm8XC5vam2Co/Egg0JQenK0C8YyP
ATG6D5cEDa31XswrNeZLVr5VF035JQ==
=dZri
-----END PGP SIGNATURE-----