From mboxrd@z Thu Jan 1 00:00:00 1970 Path: news.gmane.org!not-for-mail From: Rob Browning Newsgroups: gmane.linux.debian.devel.bugs.general,gmane.emacs.bugs Subject: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t Date: Thu, 24 Apr 2014 14:12:38 -0500 Message-ID: <877g6eilsp.fsf@trouble.defaultvalue.org> References: <20140422190613.18043.21415.reportbug@alice.fifthhorseman.net> Reply-To: Rob Browning , 745553@bugs.debian.org NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain X-Trace: ger.gmane.org 1398366923 19128 80.91.229.3 (24 Apr 2014 19:15:23 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Thu, 24 Apr 2014 19:15:23 +0000 (UTC) Cc: 745553-forwarded@bugs.debian.org, Daniel Kahn Gillmor , 745553@bugs.debian.org To: bug-gnu-emacs@gnu.org Original-X-From: bounce-debian-bugs-dist=glddb-debian-bugs-dist=m.gmane.org@lists.debian.org Thu Apr 24 21:15:15 2014 Return-path: Envelope-to: glddb-debian-bugs-dist@m.gmane.org Original-Received: from bendel.debian.org ([82.195.75.100]) by plane.gmane.org with esmtp (Exim 4.69) (envelope-from ) id 1WdP74-00039b-HH for glddb-debian-bugs-dist@m.gmane.org; Thu, 24 Apr 2014 21:15:14 +0200 Original-Received: from localhost (localhost [127.0.0.1]) by bendel.debian.org (Postfix) with QMQP id 16C735D; Thu, 24 Apr 2014 19:15:14 +0000 (UTC) Old-Return-Path: Original-Received: from localhost (localhost [127.0.0.1]) by bendel.debian.org (Postfix) with ESMTP id A6836FF for ; Thu, 24 Apr 2014 19:15:13 +0000 (UTC) X-Virus-Scanned: at lists.debian.org with policy bank bug X-Spam-Flag: NO X-Spam-Score: -4.21 X-Spam-Level: X-Spam-Status: No, score=-4.21 tagged_above=-10000 required=5.3 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, T_RP_MATCHES_RCVD=-0.01] autolearn=ham Original-Received: from bendel.debian.org ([127.0.0.1]) by localhost (lists.debian.org [127.0.0.1]) (amavisd-new, port 2525) with ESMTP id X5bV7uN4ZH6I for ; Thu, 24 Apr 2014 19:15:08 +0000 (UTC) Original-Received: from buxtehude.debian.org (buxtehude.debian.org [140.211.166.26]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (Client CN "buxtehude.debian.org", Issuer "Debian SMTP CA" (not verified)) by bendel.debian.org (Postfix) with ESMTPS id 8920B5D; Thu, 24 Apr 2014 19:15:08 +0000 (UTC) Original-Received: from debbugs by buxtehude.debian.org with local (Exim 4.80) (envelope-from ) id 1WdP6u-0007lV-O3; Thu, 24 Apr 2014 19:15:04 +0000 X-Loop: owner@bugs.debian.org Resent-From: Rob Browning Resent-To: debian-bugs-dist@lists.debian.org X-Loop: owner@bugs.debian.org Resent-Date: Thu, 24 Apr 2014 19:15:02 +0000 Resent-Message-ID: X-Debian-PR-Message: followup 745553 X-Debian-PR-Package: emacs24-el X-Debian-PR-Keywords: X-Debian-PR-Source: emacs24 Original-Received: via spool by 745553-submit@bugs.debian.org id=B745553.139836676129153 (code B ref 745553); Thu, 24 Apr 2014 19:15:02 +0000 Original-Received: (at 745553) by bugs.debian.org; 24 Apr 2014 19:12:41 +0000 X-Spam-Bayes: score:0.0000 Tokens: new, 0; hammy, 151; neutral, 276; spammy, 0. spammytokens: hammytokens:0.000-+--H*UA:sk:x86_64-, 0.000-+--H*u:Notmuch, 0.000-+--H*u:notmuchmail.org, 0.000-+--H*UA:Notmuch, 0.000-+--H*UA:notmuchmail.org Original-Received: from defaultvalue.org ([70.85.129.156] ident=postfix) by buxtehude.debian.org with esmtp (Exim 4.80) (envelope-from ) id 1WdP4a-0007Zo-Qd; Thu, 24 Apr 2014 19:12:40 +0000 Original-Received: from trouble.defaultvalue.org (localhost [127.0.0.1]) (Authenticated sender: rlb@defaultvalue.org) by defaultvalue.org (Postfix) with ESMTPSA id 6B3AD209B3; Thu, 24 Apr 2014 14:12:38 -0500 (CDT) Original-Received: by trouble.defaultvalue.org (Postfix, from userid 1000) id 2904C14EB64; Thu, 24 Apr 2014 14:12:38 -0500 (CDT) In-Reply-To: <20140422190613.18043.21415.reportbug@alice.fifthhorseman.net> User-Agent: Notmuch/0.17+133~g5348d19 (http://notmuchmail.org) Emacs/24.3.1 (x86_64-pc-linux-gnu) X-CrossAssassin-Score: 2 X-Debian-Message: from BTS X-Mailing-List: archive/latest/1065078 X-Loop: debian-bugs-dist@lists.debian.org List-Id: List-URL: List-Post: List-Help: List-Subscribe: List-Unsubscribe: Precedence: list Resent-Sender: debian-bugs-dist-request@lists.debian.org Xref: news.gmane.org gmane.linux.debian.devel.bugs.general:1145550 gmane.emacs.bugs:88269 Archived-At: [If possible, please preserve the 745553-forwarded address in any replies.] This bug was filed recently, and I suspect it might be something you'd like to discuss upstream. Thanks Daniel Kahn Gillmor writes: > Package: emacs24-el > Version: 24.3+1-2 > Severity: normal > > Hi emacs maintainers! > > in > > /usr/share/emacs/24.3/lisp/gnus/mml2015.el.gz > > i see this variable definition: > > (defcustom mml2015-always-trust t > "If t, GnuPG skip key validation on encryption." > :group 'mime-security > :type 'boolean) > > This is a security risk for users of encrypted mail. i believe it > should be set to nil by default. > > Here's why: > > Consider Alice, who has OpenPGP certificates for "Bob > " and "Carol " in her keyring (in > that order). She has certified them both, so there is one valid > primary key for bob@example.org and one valid primary key for > alice@example.org. > > Bob turns evil (or maybe his key is compromised) and he adds a new > User ID: "Bob " to his OpenPGP cert. He publishes > the update to the keyservers. > > Alice, following best practices, updates her keyring from the > keyservers regularly. > > Alice's keyring now has two certs that have a "carol@example.org" user > ID in them. One of them is valid, and the other one is not. > > Alice now composes a message to "Carol " and marks > it with: > > <#secure method=pgpmime mode=signencrypt> > > As the message goes out, mml-mode just passes the e-mail address > carol@example.org to gpg to encrypt the message body, and gpg uses the > e-mail address to select a key. Since Bob's key is first in the > keyring, it is the one that will be used. > > Bob then sneaks a peak at Carol's e-mail (maybe they're delivered to the > same server, or he has a machine on the same network), catches the > message in transit, and can decrypt the content, violating Alice's > message confidentiality expectations. > > Please set mml2015-always-trust to default to "nil" instead of "t". > > --dkg > > -- System Information: > Debian Release: jessie/sid > APT prefers testing > APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental') > Architecture: amd64 (x86_64) > Foreign Architectures: i386 > > Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores) > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > > Versions of packages emacs24-el depends on: > ii emacs24-common 24.3+1-2 > > emacs24-el recommends no packages. > > emacs24-el suggests no packages. > > -- debconf-show failed > -- Rob Browning rlb @defaultvalue.org and @debian.org GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4