From: "Łukasz Stelmach" <stlman@poczta.fm>
To: ding@gnus.org
Subject: Re: [BUG] mml2015-epg-find-usable-key finds unusable key
Date: Sun, 17 Feb 2013 08:47:09 +0100 [thread overview]
Message-ID: <87vc9rtm9u.fsf%stlman@poczta.fm> (raw)
In-Reply-To: <878v6nskem.fsf-ueno@gnu.org>
[-- Attachment #1: Type: text/plain, Size: 1626 bytes --]
Daiki Ueno <ueno@gnu.org> writes:
> Łukasz Stelmach <stlman@poczta.fm> writes:
>
>>>> + (string-match
>>>> + "^\\(0x\\)?[[:xdigit:]]\\{8\\}\\([[:xdigit:]]\\{8\\}\\)?$"
>>>> + recipient))
>>>
>>> I think this can be simplified to:
>>>
>>> (not (string-match "\\`<" recipient))
>>>
>>> since all the mml2015-epg-* functions normalize recipient addresses in
>>> the form of "<foo@bar>", so they only match email addresses.
>>
>> Indeed, however I still think we should check this the hard way: return
>> t if and *only* if it is a key-id. The simpler check *might* result in
>> information disclosure if a message is encrypted to a revoked uid.
>
> Sorry, I don't quite understand here. What's the senario you are
> thinking of? I think the only case RECIPIENT doesn't start with "<" is,
> a user sets mml2015-signers manually. How does it cause information
> disclosure?
It should not be a problem in case of mml2015-signers (I have analysed
this case thoroughly). However, I don't like mml2015-signers work now,
an have some ideas (and even some code) to improve it. What I mean, here
is a rather hypothetical case when someone writes some code forgetting
about your assumption of normalisation. We can say: "let the guy shoot
his own foot", but I think we shouldn't. We should rather follow the
logic: assume key-id is a correct uid. In such case we should check the
input for *being* the key-id rather than not being an e-mail address.
I am not a security expert but this seems more security-wise correct and
future proof to me.
--
Miłego dnia,
Łukasz Stelmach
[-- Attachment #2: Type: application/pgp-signature, Size: 619 bytes --]
next prev parent reply other threads:[~2013-02-17 7:47 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-02-13 19:55 Łukasz Stelmach
2013-02-14 19:28 ` Łukasz Stelmach
2013-02-15 4:05 ` Daiki Ueno
2013-02-15 7:59 ` Łukasz Stelmach
2013-02-15 9:14 ` Daiki Ueno
2013-02-16 18:35 ` Łukasz Stelmach
2013-02-16 21:11 ` Łukasz Stelmach
2013-02-17 3:12 ` Daiki Ueno
2013-02-17 7:47 ` Łukasz Stelmach [this message]
2013-02-17 9:02 ` Daiki Ueno
2013-02-17 10:20 ` Daiki Ueno
2013-02-17 21:29 ` Łukasz Stelmach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87vc9rtm9u.fsf%stlman@poczta.fm \
--to=stlman@poczta.fm \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).