
#266 Enigmail does not cross check timestamps on signature and mail

wont-fix
nobody
None
1.6.0
Enhancement
24.4.0
2.0.22
All
---
nobody
2015-01-31
2014-04-02
No

Right now you are able to see both the e-mail's timestamp and the signature's timestamp. However, Enigmail does not try to cross check them. A warning should be displayed if they're too far apart, since it indicates a potential problem.

For example, if you sent a message whose meaning was mostly in the subject, such as:

Date: 01/01/2010
Subject: Meet me at John's tomorrow

Cya!
--
Dave.

Then an attacker would be able to send to anyone else a message:

Date: 21/12/2013
Subject: Sell all your stock RIGHT NOW!

Cya!
--
Dave.

With Enigmail's current behaviour, no warning would be displayed.

Discussion

  • Ludwig Hügelschäfer

    • Severity: Major --> Enhancement
     
  • Ludwig Hügelschäfer

    I agree that it would be nice to have a function in Enigmail warning if time difference between signature time and date header exceeds a certain threshold (btw: what difference should be acceptable?).

    "Date:" header is a header line, such as "Subject:", which are never signed and/or encrypted in the OpenPGP standard. This is widely known, and it is documented. Therefore setting severity to "Enhancement".

     
  • eviljoel

    eviljoel - 2015-01-14

    Concerning differences, most e-mails are sent within a second of being signed. I'd say anything outside of an hour or day would be cause for alarm.

     
  • Patrick Brunschwig

    • status: open --> wont-fix
     
    • Daniel Kahn Gillmor

      On Sat 2015-01-31 12:25:54 -0500, Patrick Brunschwig wrote:

      > I think this would lead to false alerts and/or cause false
      > security. The time stamp of the signature does not contain any
      > relevance; the system time of any system may be wrong by choice or
      > error. As long as the message is correctly signed with a valid key, it
      > is a valid signature, no matter how long ago the signature was
      > created. The same is true with the mail send date.

      The point raised in this ticket was a replay attack, where the attacker
      (who doesn't create the signed message themselves) actually can't set
      the signature timestamp.

      > E.g. I create a text in Notepad and sign it; later I copy & paste this
      > into a mail -- the timestamps may differ by an arbitrary amount of
      > time.

      Sure, but probably not by a day, and almost certainly not by a week :)

      Setting a reasonable threshold beyond which to warn would limit the
      window of a possible replay attack like the one described in the ticket.

      I can understand that an arbitrary limit like this seems frustrating and
      vague and unjustifiable, so maybe the right process is still to keep
      this "wont-fix". But there is a real attack that Enigmail could
      mitigate somewhat by warning when the gap between the Date: header and
      the signature timestamp is exceedingly fishy.

      --dkg
      
       
  • Patrick Brunschwig

    I think this would lead to false alerts and/or cause false security. The time stamp of the signature does not contain any relevance; the system time of any system may be wrong by choice or error. As long as the message is correctly signed with a valid key, it is a valid signature, no matter how long ago the signature was created. The same is true with the mail send date.

    E.g. I create a text in Notepad and sign it; later I copy & paste this into a mail -- the timestamps may differ by an arbitrary amount of time.
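
One way to implement the cross-check proposed in this ticket, as an added example (not Enigmail code and not written by any participant in the thread): it reads the signature creation time from GnuPG's `VALIDSIG` status line and compares it with the unsigned `Date:` header. The one-day threshold, the function names, the placeholder fingerprint and the sample messages are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

MAX_SKEW = timedelta(days=1)  # assumption; the thread floats "an hour or day"


def sig_time_from_status(status):
    """Signature creation time from a GnuPG VALIDSIG status line, else None."""
    for line in status.splitlines():
        f = line.split()
        # [GNUPG:] VALIDSIG <fpr> <sig-date> <sig-timestamp> <expire> ...
        if len(f) >= 5 and f[:2] == ["[GNUPG:]", "VALIDSIG"]:
            ts = f[4]
            if "T" in ts:  # GnuPG may emit ISO 8601 instead of epoch seconds
                parsed = datetime.strptime(ts, "%Y%m%dT%H%M%S")
                return parsed.replace(tzinfo=timezone.utc)
            return datetime.fromtimestamp(int(ts), tz=timezone.utc)
    return None


def check_skew(raw_message, status, max_skew=MAX_SKEW):
    """Return (verdict, skew). The Date: header is unsigned, so the verdict
    is advisory: it flags a mismatch, it does not authenticate either time."""
    sig_time = sig_time_from_status(status)
    if sig_time is None:
        return ("no-valid-signature", None)
    try:
        sent = parsedate_to_datetime(message_from_string(raw_message)["Date"])
    except (TypeError, ValueError):
        return ("date-unparseable", None)
    if sent.tzinfo is None:  # "-0000" zone parses as naive; treat as UTC
        sent = sent.replace(tzinfo=timezone.utc)
    skew = abs(sent - sig_time)
    return ("warn" if skew > max_skew else "ok", skew)


# Constructed sample data: placeholder fingerprint, signature made 2010-01-01 12:00 UTC.
FPR = "0123456789ABCDEF0123456789ABCDEF01234567"
STATUS = f"[GNUPG:] VALIDSIG {FPR} 2010-01-01 1262347200 0 4 0 1 8 01 {FPR}\n"
BODY = "\n\nCya!\n--\nDave.\n"
ORIGINAL = "Date: Fri, 01 Jan 2010 12:00:05 +0000\nSubject: Meet me at John's tomorrow" + BODY
REPLAY = "Date: Sat, 21 Dec 2013 09:00:00 +0000\nSubject: Sell all your stock RIGHT NOW!" + BODY

if __name__ == "__main__":
    for name, msg in (("original", ORIGINAL), ("replay", REPLAY)):
        print(name, *check_skew(msg, STATUS))
```

The sign-now, paste-later workflow raised in the thread would also produce a "warn" verdict here, which is the false-alert case the threshold has to trade off against.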

     
