
#612 Check, if claimed sender and signer of an e-mail match

Status: wont-fix
Owner: nobody
Labels: RFE (1)
Enigmail version: 1.9.2
Severity: Enhancement
Thunderbird version: 38.7.0
GnuPG version: 2.0.26
Operating system: Linux
---
nobody
Updated: 2020-12-25
Created: 2016-05-23
Private: No

A signed e-mail contains a non-authentic, claimed sender and an (authentic) signer. I attached an example; the claimed sender is marked in blue, the signer in red. The claimed sender is easily interchangeable.

When Enigmail verifies a signature, it checks whether the signature was made with a key the user trusts (by using the gpg keyring). It then displays whether the signature is correct and who the signer is.

Anyhow, it does not check whether the claimed sender and the signer match. I attached an example message in which Alice is the claimed sender, but the signature has been created by Mallet. As you can see in this example, an attacker can use any key the receiver trusts to create a signature for an e-mail with claimed sender "Alice", which is accepted by Enigmail without any warning.

Of course, the receiver is able to notice the forgery. By comparing the claimed sender and the signer, we see that something is wrong. Anyhow, this could be done automatically by Enigmail.

I do not want to claim that there are no possible use cases in which the claimed sender and the signer justifiably differ. That is why I request a warning by Enigmail as a feature. It should say: "Attention, something might be wrong here. I just wanted to tell you; if you know what you're doing, go on."

2 Attachments
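The check the report asks for, written as an added example against the machine-readable output of GnuPG (this is not Enigmail's code and nothing here is taken from the ticket's attachments). It reads the `[GNUPG:]` lines that `gpg --status-fd` emits during verification to learn which key signed and how far the receiver trusts it, then looks the From: address up among all user IDs of that key from `gpg --with-colons --list-keys` output. The status lines, key listing, key IDs, fingerprints and addresses are constructed samples, and the function names are hypothetical.

```python
"""Added example: compare the claimed sender of a signed mail with the
user IDs of the key that produced the signature.

Inputs are constructed samples of `gpg --status-fd` verification output
and `gpg --with-colons --list-keys <fpr>` output; key IDs, fingerprints
and addresses are hypothetical.
"""
from email.utils import parseaddr

# Good signature by Mallet's key, which the receiver fully trusts.
STATUS_GOOD_MALLET = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0123456789ABCDEF Mallet <mallet@example.org>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2016-05-23 1463990400 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
[GNUPG:] TRUST_FULLY 0 pgp
"""

# Same signature, but the receiver has not validated the key.
STATUS_GOOD_UNTRUSTED = STATUS_GOOD_MALLET.replace("TRUST_FULLY", "TRUST_UNDEFINED")

# Signature that does not verify at all.
STATUS_BAD = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 0123456789ABCDEF Mallet <mallet@example.org>\n"

# Key listing for Mallet's key. A key can carry several user IDs, so the
# single user ID on the GOODSIG line is not enough to decide a match.
COLONS_MALLET = """\
pub:f:2048:1:0123456789ABCDEF:1463990400:::f:::scESC::::::23::0:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:f::::1463990400::AAAA::Mallet <mallet@example.org>::::::::::0:
uid:f::::1463990400::BBBB::Mallet (work) <m.mallet@example.com>::::::::::0:
uid:r::::1463990400::CCCC::Old Mallet <old@example.net>::::::::::0:
"""


def parse_status(status_text):
    """Pull signer fingerprint, primary user ID and trust level out of
    gpg --status-fd lines. Returns None unless both GOODSIG and VALIDSIG
    are present, i.e. unless the signature itself verified."""
    sig = {"fingerprint": None, "uid": None, "trust": None}
    for line in status_text.splitlines():
        if not line.startswith("[GNUPG:] "):
            continue
        fields = line[len("[GNUPG:] "):].split(" ", 2)
        tag = fields[0]
        if tag == "GOODSIG":
            sig["uid"] = fields[2]
        elif tag == "VALIDSIG":
            sig["fingerprint"] = fields[1]
        elif tag.startswith("TRUST_"):
            sig["trust"] = tag[len("TRUST_"):]
    if sig["uid"] is None or sig["fingerprint"] is None:
        return None
    return sig


def key_addresses(colons_text):
    """E-mail addresses from the uid records of --with-colons output,
    ignoring revoked (r) and expired (e) user IDs. Field 10 (index 9)
    holds the user ID string."""
    addrs = set()
    for line in colons_text.splitlines():
        f = line.split(":")
        if len(f) > 9 and f[0] == "uid" and f[1] not in ("r", "e"):
            addr = parseaddr(f[9])[1]
            if addr:
                addrs.add(addr.lower())
    return addrs


def check_sender(from_header, status_text, colons_text):
    """Verdict for one message: 'invalid', 'untrusted', 'mismatch' or
    'match', plus a reason. 'mismatch' is the case the ticket wants a
    warning for: a good signature by a trusted key whose user IDs do not
    carry the From: address."""
    sig = parse_status(status_text)
    if sig is None:
        return "invalid", "signature did not verify"
    if sig["trust"] not in ("FULLY", "ULTIMATE"):
        return "untrusted", "good signature, but key %s is not validated" % sig["fingerprint"]
    claimed = parseaddr(from_header)[1].lower()
    if claimed in key_addresses(colons_text):
        return "match", "signed by %s, which carries %s" % (sig["fingerprint"], claimed)
    return "mismatch", "claimed sender %s, but signed by %s (%s)" % (
        claimed, sig["uid"], sig["fingerprint"])


if __name__ == "__main__":
    for hdr, status in (("Alice <alice@example.org>", STATUS_GOOD_MALLET),
                        ("Mallet <mallet@example.org>", STATUS_GOOD_MALLET),
                        ("M.Mallet@Example.com", STATUS_GOOD_MALLET),
                        ("Alice <alice@example.org>", STATUS_GOOD_UNTRUSTED),
                        ("Alice <alice@example.org>", STATUS_BAD)):
        print(hdr, "->", check_sender(hdr, status, COLONS_MALLET))
```

The comparison is deliberately on the address part only, case-folded, and skips revoked user IDs. A "match" says no more than that whoever controls the signing key put that address on it; the verdict is a consistency check between two things the receiver already sees, and it only carries weight together with the trust level, which is why the untrusted case is reported separately rather than as a match.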

Discussion

  • Erik Nellessen - 2016-05-23
    • Attachments have changed:

    Diff:

    --- old
    +++ new
    @@ -1 +1,2 @@
     signed-email-example-attack.png (61.3 kB; image/png)
    +signed-email-example.png (62.4 kB; image/png)
    
     
  • Erik Nellessen - 2016-05-23
    • Severity: Minor --> Enhancement
     
  • Ludwig Hügelschäfer

    There's a more general solution for this: the proposed Memory Hole standard.

    https://www.ietf.org/proceedings/92/slides/slides-92-appsawg-0.pdf

    This offers signing/encryption not only of the body text, but also of the E-Mail headers. Enigmail 1.9 already incorporates this function, but you must turn it on manually.

     
    • Erik Nellessen - 2016-06-27

      This is only a solution if Enigmail only accepts E-Mails which have a signed header. As long as Enigmail also accepts E-Mails with unsigned headers, the attack is possible. Anyhow, not accepting these E-Mails would break backward compatibility.
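An added example of the header check that signed (Memory Hole style) headers make possible, and of the backward-compatibility choice raised in the reply. This is not code from Enigmail or from the Memory Hole draft; the messages are constructed, the signature block is a placeholder, and the signature over the signed part is assumed to have been verified separately. The only format-specific assumption is the `protected-headers="v1"` Content-Type parameter marking the inner part that carries the signed copy of the headers; the rest is ordinary MIME parsing with Python's `email` package.

```python
"""Added example: compare a message's outer (unsigned) From: with the
copy carried inside the signed MIME part. All messages are constructed
samples; signature verification is assumed to have been done already.
"""
from email import message_from_string, policy
from email.utils import parseaddr

SIGNATURE_PART = """\
--sig
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(constructed placeholder, not a real signature)
-----END PGP SIGNATURE-----
--sig--
"""

# Outer From: forged as Alice; the signed part was produced by Mallet and
# carries Mallet's own From: under the signature.
FORGED_PROTECTED = """\
From: Alice <alice@example.org>
To: Bob <bob@example.org>
Subject: hello
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: text/plain; charset=utf-8; protected-headers="v1"
From: Mallet <mallet@example.org>
Subject: hello

body text
""" + SIGNATURE_PART

# Honest message: outer and signed From: agree (only the outer one is
# replaced, since the first occurrence is the outer header).
HONEST_PROTECTED = FORGED_PROTECTED.replace(
    "From: Alice <alice@example.org>", "From: Mallet <mallet@example.org>", 1)

# Legacy message without signed headers: only the unsigned outer From:
# exists, so there is nothing under the signature to compare against.
LEGACY = """\
From: Alice <alice@example.org>
To: Bob <bob@example.org>
Subject: hello
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="sig"

--sig
Content-Type: text/plain; charset=utf-8

body text
""" + SIGNATURE_PART


def protected_from(msg):
    """Return the From: header inside the signed part, or None when the
    message carries no signed headers."""
    if msg.get_content_type() != "multipart/signed":
        return None
    signed_part = msg.get_payload(0)
    if signed_part.get_param("protected-headers") != "v1":
        return None
    return signed_part["From"]


def check_protected_sender(raw, strict=False):
    """'match' or 'mismatch' when a signed From: exists, 'unprotected'
    otherwise. With strict=True a message without signed headers is
    treated as a mismatch: that closes the attack for every message but
    rejects mail from older clients, the trade-off the reply points out."""
    msg = message_from_string(raw, policy=policy.default)
    inner = protected_from(msg)
    if inner is None:
        return "mismatch" if strict else "unprotected"
    outer_addr = parseaddr(msg["From"])[1].lower()
    inner_addr = parseaddr(inner)[1].lower()
    return "match" if outer_addr == inner_addr else "mismatch"


if __name__ == "__main__":
    for name, raw in (("forged", FORGED_PROTECTED), ("honest", HONEST_PROTECTED),
                      ("legacy", LEGACY)):
        print(name, check_protected_sender(raw), check_protected_sender(raw, strict=True))
```

With the default (lenient) setting the legacy message is neither accepted nor rejected by this check but reported as "unprotected", which is the state Enigmail is in as long as it accepts unsigned headers; only the strict setting makes the forged outer From: impossible to slip past, at the cost of every message that has no signed headers.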

       
  • Patrick Brunschwig

    • status: open --> wont-fix
     
  • Patrick Brunschwig

    There is a general consensus in the OpenPGP email world that the UID should be considered decorative. This is also what the Autocrypt specification suggests. It's not difficult to fake the sender email address, even if you're not the author of the mail.

     
