From mboxrd@z Thu Jan  1 00:00:00 1970
X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.general/88038
Path: news.gmane.org!.POSTED!not-for-mail
From: Chris Marusich <cmmarusich@gmail.com>
Newsgroups: gmane.emacs.gnus.general
Subject: EFAIL: Never process a PGP message without a valid MDC
Date: Thu, 31 May 2018 22:17:53 -0700
Message-ID: <87d0xbaxvi.fsf@gmail.com>
NNTP-Posting-Host: blaine.gmane.org
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha256; protocol="application/pgp-signature"
X-Trace: blaine.gmane.org 1527830228 20219 195.159.176.226 (1 Jun 2018 05:17:08 GMT)
X-Complaints-To: usenet@blaine.gmane.org
NNTP-Posting-Date: Fri, 1 Jun 2018 05:17:08 +0000 (UTC)
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)
To: ding@gnus.org
Original-X-From: ding-owner+m36252@lists.math.uh.edu Fri Jun 01 07:17:04 2018
Return-path: <ding-owner+m36252@lists.math.uh.edu>
Envelope-to: ding-account@gmane.org
Original-Received: from mxfilter-048034.atla03.us.yomura.com ([107.189.48.34])
	by blaine.gmane.org with esmtp (Exim 4.84_2)
	(envelope-from <ding-owner+m36252@lists.math.uh.edu>)
	id 1fOcQx-00057z-HE
	for ding-account@gmane.org; Fri, 01 Jun 2018 07:17:03 +0200
X-Yomura-MXScrub: 1.0
Original-Received: from lists1.math.uh.edu (unknown [129.7.128.208])
	by mxfilter-048034.atla03.us.yomura.com (Halon) with ESMTPS
	id 45ee3eba-655b-11e8-b9c7-b499baa2b07a;
	Fri, 01 Jun 2018 05:18:52 +0000 (UTC)
Original-Received: from localhost ([127.0.0.1] helo=lists.math.uh.edu)
	by lists1.math.uh.edu with smtp (Exim 4.90_1)
	(envelope-from <ding-owner+M36252@lists.math.uh.edu>)
	id 1fOcS7-00055E-L1; Fri, 01 Jun 2018 00:18:15 -0500
Original-Received: from mx2.math.uh.edu ([129.7.128.33])
	by lists1.math.uh.edu with esmtps (TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256)
	(Exim 4.90_1)
	(envelope-from <cmmarusich@gmail.com>)
	id 1fOcS2-00054g-JN
	for ding@lists.math.uh.edu; Fri, 01 Jun 2018 00:18:10 -0500
Original-Received: from quimby.gnus.org ([80.91.231.51])
	by mx2.math.uh.edu with esmtps (TLSv1.2:ECDHE-RSA-AES128-GCM-SHA256:128)
	(Exim 4.90_1)
	(envelope-from <cmmarusich@gmail.com>)
	id 1fOcS0-0007yB-El
	for ding@lists.math.uh.edu; Fri, 01 Jun 2018 00:18:10 -0500
Original-Received: from mail-pl0-f68.google.com ([209.85.160.68])
	by new-quimby.gnus.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
	(Exim 4.84_2)
	(envelope-from <cmmarusich@gmail.com>)
	id 1fOcRy-0006Cq-U8
	for ding@gnus.org; Fri, 01 Jun 2018 07:18:07 +0200
Original-Received: by mail-pl0-f68.google.com with SMTP id i5-v6so14617173plt.2
        for <ding@gnus.org>; Thu, 31 May 2018 22:18:06 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20161025;
        h=from:to:subject:user-agent:date:message-id:mime-version;
        bh=psceC4fj7WTCxh5QmEXIvzqCryhVvGdoQN0p/Lyn7RU=;
        b=dnOOUmuMj3pkVN8ZzHGg5d1zgYZ+xL+/mw4/5GfH4EmwK67eY0Vk862e1fMt8KPy2n
         QBxHzlT+u8wlIBCVIYmloE6RQJQu4ptrD/AFBXtqCPv5NkIZu6XzWHyn3r/8QoGU7q7N
         6b38gf1Ua58jr5Db/3nydrVzy8TveS1g6DCo62l4EfmvhnjTOGUKAsO3nIyc/8mbHAfj
         3hJAd82QUXsemnvBOaM1u4STFifTppK+1XQOSzzOMrneJzeNjxjHrHJ83HomgzZ1EG/a
         SUMTLGk8ZFQBDvzM/d/umXEADa9Hlmie4pDbZutzKE9Hmam+YZKHmy6EBsuC5Wm697Jj
         I6sA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:from:to:subject:user-agent:date:message-id
         :mime-version;
        bh=psceC4fj7WTCxh5QmEXIvzqCryhVvGdoQN0p/Lyn7RU=;
        b=VCDIKVGZPnvfktRd1XcNs2VVp3wwsvSyduSbWYjqTz18p9B+X9iTRASnb5ujXuDoPc
         Eyy3WdH2jCbOoDGSchoox/OEpcY9dBa+FbWAHyugxM0WVBt0I/RcOpsWspDAc9pYfiBH
         /ZMPNp3WOEwNXjMQgcJ7qT4O2OZXM7tJdWfKvdShUPYrI1bzRrfuS4OFElb/NNcZeuLw
         aqtQidLQGok22naO4qPIZjSuLFT9zNAy5dXXia0y/4oZF9vUXLmV6iGoe89n+X910rCd
         d26PEiZMpvBdIQj1DR7EMpcH5he4nGiLMz9Q8oVItGQJRK4m9BbspnWCGjE/r9/b1EDb
         i4PQ==
X-Gm-Message-State: ALKqPwdaE26v9gxtvyumbgIqVAKjvcAFW7oq3UvxHVGOGtzRQdN+km4O
	Ajdzfpa8gmd3cNyTbkZLeu1mmg==
X-Google-Smtp-Source: ADUXVKJLWjSuibm6ThJzjKXuXYjM4prQXRK1Ch7vzO3lkzni8/71dwAfda4g0WmtPwSBvbJnf2z/rw==
X-Received: by 2002:a17:902:7244:: with SMTP id c4-v6mr9747481pll.265.1527830279352;
        Thu, 31 May 2018 22:17:59 -0700 (PDT)
Original-Received: from garuda.local (c-24-18-253-84.hsd1.wa.comcast.net. [24.18.253.84])
        by smtp.gmail.com with ESMTPSA id q24-v6sm8788045pfh.26.2018.05.31.22.17.57
        for <ding@gnus.org>
        (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
        Thu, 31 May 2018 22:17:57 -0700 (PDT)
X-Spam-Score: -2.0 (--)
List-ID: <ding.gnus.org>
Precedence: bulk
Xref: news.gmane.org gmane.emacs.gnus.general:88038
Archived-At: <http://permalink.gmane.org/gmane.emacs.gnus.general/88038>

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Hi,

I use Gnus for email.  In light of EFAIL [1][2], I'm trying to use Gnus
more securely.  In their official response to EFAIL, the GnuPG team
pointed out that the Modification Detection Code (MDC) feature of GnuPG
can protect against this kind of attack when used correctly [3].  They
recommend that you "check with your email plugin vendor to see if they
handle MDC errors correctly".  So here I am!

I'd like to ensure that, when decrypting email, if the MDC is either (1)
missing or (2) invalid, Gnus never processes the data in ways that
expose me to the risk of an EFAIL-style attack.  I understand that GnuPG
emits a warning about the MDC in some cases (e.g., if a non-modern
cipher algorithm is used without an MDC) and an error in others (e.g.,
if a modern cipher is used without an MDC) [4].  The messages apparently
look like this:

  gpg: encrypted with 256-bit ECDH key, ID 7F3B7ED4319BCCA8, created 2017-0=
1-01
        "Werner Koch <wk at gnupg.org>"
  [GNUPG:] BEGIN_DECRYPTION
  [GNUPG:] DECRYPTION_INFO 0 7
  [GNUPG:] PLAINTEXT 62 1526109594=20
  [GNUPG:] PLAINTEXT_LENGTH 69
  There is more to life than increasing its speed.
                  -- Mahatma Gandhi
  gpg: WARNING: message was not integrity protected
  [GNUPG:] DECRYPTION_FAILED
  [GNUPG:] END_DECRYPTION

In any case, until the MDC has been successfully validated, I don't want
Gnus to do anything risky, such as displaying the article to me.

What should I do to ensure that Gnus behaves the way I want?

Footnotes:=20
[1]  https://efail.de/

[2]  https://www.eff.org/deeplinks/2018/05/not-so-pretty-what-you-need-know=
-about-e-fail-and-pgp-flaw-0

[3]  https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060334.html

[4]  https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060320.html

=2D-=20
Chris

--=-=-=
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEy/WXVcvn5+/vGD+x3UCaFdgiRp0FAlsQ1wEACgkQ3UCaFdgi
Rp13YA/9Gt4no2BVGXv1eXG5Wii4jmGfPngMhq5gXAtUM3HCWI92XTtD4Vj3By3W
8vn4OrGRPyFJWpDTuRKeb6Nnci9xlxktD/1Ky5io+elZOKi9oZUvOyBO7wkL77is
6nF2nOGB7ZGnucyQOA4KfEYmG1PZwtx2ZBfGxV74/emACpNDCAjP1L1RKAN2+XhT
kDWLVtYtUOvLsQdeYsGaBfQUlRDAZnIEbMlY8gfZOv1MYuIOqfgivcTM8Ycrz5DN
s7b1/UnBL694jWMB4w1tWH4wIIGDJZlhoziCn7obr+GksvkkqAotdBQE7Sgc/mUU
HHUz0S9psPh6BYmOgfslQYRAMJ/MN3nI8QKiU+eJfH4ROgqVDuuJ5Db0xJJI4N0+
1eMr9O7+vneIF90M0APeeK8z5Uc7sDyPDsTbPYHOkcqRQ34nvBTtZ8eT1xSnfsBk
3oHTS2+BbGesgUY/mDBDSnByRuP/V+WaeQ+OhdCKK7GRAY4qnhMoZdRCkgx/0Iyw
AzYyt6ddUWq2iJ0DZdGLe3KidsvW30lAiwvC4/1383ao3Un/nygwftNiFlS7pzMf
2sOzmc/f5PB7QKiMtrHkM6H659REPDlxsKNMaWzIPWNGpHpoNahtHz2AYcuzo7iJ
zs15sQFMSM3YGQoGsmJ5YEKK3JeqAuIUPySbPpTPh4ENOb3NOW0=
=chc7
-----END PGP SIGNATURE-----
--=-=-=--