From: Łukasz Stelmach
Newsgroups: gmane.emacs.gnus.general
Subject: Re: [BUG] mml2015-epg-find-usable-key finds unusable key
Date: Sun, 17 Feb 2013 08:47:09 +0100
Message-ID: <87vc9rtm9u.fsf%stlman@poczta.fm>
To: ding@gnus.org

Daiki Ueno writes:

> Łukasz Stelmach writes:
>
>>>> + (string-match
>>>> + "^\\(0x\\)?[[:xdigit:]]\\{8\\}\\([[:xdigit:]]\\{8\\}\\)?$"
>>>> + recipient))
>>>
>>> I think this can be simplified to:
>>>
>>> (not (string-match "\\`<" recipient))
>>>
>>> since all the mml2015-epg-* functions normalize recipient addresses in
>>> the form of "", so they only match email addresses.
>>
>> Indeed, however I still think we should check this the hard way: return
>> t if and *only* if it is a key-id. The simpler check *might* result in
>> information disclosure if a message is encrypted to a revoked uid.
>
> Sorry, I don't quite understand here. What's the scenario you are
> thinking of? I think the only case RECIPIENT doesn't start with "<" is,
> a user sets mml2015-signers manually. How does it cause information
> disclosure?

It should not be a problem in case of mml2015-signers (I have analysed
this case thoroughly). However, I don't like how mml2015-signers works
now, and have some ideas (and even some code) to improve it.

What I mean here is a rather hypothetical case when someone writes some
code forgetting about your assumption of normalisation. We can say: "let
the guy shoot his own foot", but I think we shouldn't. We should rather
follow the logic: assume key-id is a correct uid. In such case we should
check the input for *being* the key-id rather than not being an e-mail
address. I am not a security expert but this seems more security-wise
correct and future-proof to me.

-- 
Have a nice day,
Łukasz Stelmach
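
Review bot: in the quoted string-match hunk the pattern is anchored with "^" and "$", which in Emacs regexps match at the start and end of any line, so a multi-line RECIPIENT with one line that looks like a key ID would pass; anchor with "\\`" and "\\'" to require the whole string to match. The pattern also accepts only 8 or 16 hex digits, so a 40-digit fingerprint would not count as a key ID; note that in a comment, or extend the pattern if fingerprints are meant to be accepted.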
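
The two checks debated in this message, side by side, as an added example that is not part of the original message or of the Gnus code. The function names and sample recipients are hypothetical, and the positive check uses whole-string anchors instead of the "^" and "$" in the quoted patch.

```elisp
;; Added illustration: compares "is a key ID" (positive check) with
;; "is not an address" (negative check) on constructed inputs.
;; All names below are hypothetical and do not exist in Gnus.

(defun example-key-id-p (recipient)
  "Return t only if RECIPIENT is an 8- or 16-digit hex key ID.
An optional 0x prefix is accepted."
  (and (stringp recipient)
       (string-match-p
        "\\`\\(0x\\)?[[:xdigit:]]\\{8\\}\\([[:xdigit:]]\\{8\\}\\)?\\'"
        recipient)
       t))

(defun example-not-address-p (recipient)
  "Return t if RECIPIENT does not start with an opening angle bracket."
  (not (string-match-p "\\`<" recipient)))

(defconst example-recipients
  '("<alice@example.org>"   ; normalized address
    "0x1234ABCD"            ; short key ID
    "1234ABCD5678EF90"      ; long key ID
    "alice@example.org"     ; address a caller forgot to normalize
    "Alice Example"         ; bare name
    "0x1234ABCZ")           ; malformed key ID
  "Constructed sample inputs.")

(defun example-compare ()
  "Return a list of (RECIPIENT POSITIVE NEGATIVE) for the samples."
  (mapcar (lambda (r)
            (list r (example-key-id-p r) (example-not-address-p r)))
          example-recipients))

;; Print one row per sample so the disagreements are visible.
(dolist (row (example-compare))
  (message "%S key-id-p=%S not-address-p=%S"
           (nth 0 row) (nth 1 row) (nth 2 row)))
```

The two predicates agree on the first three samples and disagree on the last three, which are exactly the inputs that reach the check when a caller skips normalization.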