unofficial mirror of bug-gnu-emacs@gnu.org 
* bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key
@ 2013-01-25 21:32 ` Richard Stallman
  2019-09-23 16:40   ` Lars Ingebrigtsen
       [not found]   ` <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org>
  0 siblings, 2 replies; 7+ messages in thread
From: Richard Stallman @ 2013-01-25 21:32 UTC (permalink / raw)
  To: 13551


I have a public key for martin@gnu.org and a key for another martin at
another host.  When I encrypt a message to `martin' -- which means, in
my case, `martin@gnu.org' -- epa-mail-encrypt picks the other martin.

epa needs to know the default mail hostname so as to pick the correct
Martin.  It can get that from the value of user-mail-address, and
maybe have other ways to specify it.




In GNU Emacs 24.3.50.1 (mips64el-unknown-linux-gnu, GTK+ Version 2.12.12)
 of 2013-01-03 on chiefs-gnewsense
Bzr revision: 111408 rgm@gnu.org-20130103023757-9p8awd7j9mkf0ike
System Description:	Debian GNU/Linux 6.0.6 (squeeze)

Configured using:
 `configure CFLAGS=-O0 -g --with-gif=no --with-tiff=no --no-create
 --no-recursion'

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Mail

Minor modes in effect:
  gpm-mouse-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Recent input:
C-x b o u t g TAB RET g e ESC x e p a d RET y C-n C-n 
C-n C-p C-e @ g n u . o r g ESC x e p a SPC m a i l 
SPC e n c TAB RET y y y C-x C-s C-c C-s y C-x b o u 
t g TAB RET g C-p e C-x b o u t - 2 9 RET C-_ ESC DEL 
ESC DEL DEL ESC x e p a SPC m a i l SPC e n TAB RET 
y y C-x 4 b RET C-x o C-x k RET y e s RET ESC x r e 
p o r t SPC e m a c s SPC b u g RET

Recent messages:
Saving file /home/rms/outgoing/out-29...
Wrote /home/rms/outgoing/out-29
Send buffer contents as mail message? (y or n)  y
Sending...
Wrote /home/rms/outgoing/out-30
Sending...done
Undo!
No public key for rms-response-1w@gnu.org; skip it? (y or n)  y
No public key for rms-outgoing@gnu.org; skip it? (y or n)  y
Encrypting...done

Load-path shadows:
None found.

Features:
(shadow emacsbug mailalias epa-mail epa derived epg epg-config rmailmm
message sendmail format-spec rfc822 mml easymenu mml-sec mm-decode
mm-bodies mm-encode mailabbrev gmm-utils mailheader mail-parse rfc2231
dired t-mouse time-date rmailedit rmail rfc2047 rfc2045 ietf-drums
mm-util mail-prsvr mail-utils paren cus-start cus-load nadvice advice
help-fns tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win
x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list
newcomment lisp-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet
lao korean japanese hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook
help simple abbrev minibuffer loaddefs button faces cus-face macroexp
files text-properties overlay sha1 md5 base64 format env code-pages
mule custom widget hashtable-print-readable backquote
make-network-process dbusbind dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)

-- 
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use Ekiga or an ordinary phone call







* bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key
  2013-01-25 21:32 ` bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key Richard Stallman
@ 2019-09-23 16:40   ` Lars Ingebrigtsen
       [not found]   ` <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org>
  1 sibling, 0 replies; 7+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-23 16:40 UTC (permalink / raw)
  To: Richard Stallman; +Cc: 13551

Richard Stallman <rms@gnu.org> writes:

> I have a public key for martin@gnu.org and a key for another martin at
> another host.  When I encrypt a message to `martin' -- which means, in
> my case, `martin@gnu.org' -- epa-mail-encrypt picks the other martin.
>
> epa needs to know the default mail hostname so as to pick the correct
> Martin.  It can get that from the value of user-mail-address, and
> maybe have other ways to specify it.

I don't think any security-related software should be guessing based on
incomplete email addresses.  As far as I can tell, it requires a
complete match, which I guess means you have a key for "martin" (without
a domain name) in your key ring.

Choosing this is the right thing to do, I think, so I'm closing this bug
report.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#13551: acknowledged by developer (control message for bug #13551)
       [not found]   ` <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org>
@ 2019-09-27 11:05     ` Richard Stallman
  2019-09-27 16:12       ` Lars Ingebrigtsen
  0 siblings, 1 reply; 7+ messages in thread
From: Richard Stallman @ 2019-09-27 11:05 UTC (permalink / raw)
  To: 13551

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I don't think any security-related software should be guessing based on
  > incomplete email addresses.  As far as I can tell, it requires a
  > complete match, which I guess means you have a key for "martin" (without
  > a domain name) in your key ring.

That is totally unpredictable _for the user sending a reply_.
There are various possible ok things to do, but not that.

Please make this case do something predictable.

-- 
Dr Richard Stallman
Founder, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)








* bug#13551: acknowledged by developer (control message for bug #13551)
  2019-09-27 11:05     ` bug#13551: acknowledged by developer (control message for bug #13551) Richard Stallman
@ 2019-09-27 16:12       ` Lars Ingebrigtsen
  2019-09-28  1:32         ` Richard Stallman
  0 siblings, 1 reply; 7+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-27 16:12 UTC (permalink / raw)
  To: Richard Stallman; +Cc: 13551

Richard Stallman <rms@gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   > I don't think any security-related software should be guessing based on
>   > incomplete email addresses.  As far as I can tell, it requires a
>   > complete match, which I guess means you have a key for "martin" (without
>   > a domain name) in your key ring.
>
> That is totally unpredictable _for the user sending a reply_.
> There are various possible ok things to do, but not that.
>
> Please make this case do something predictable.

I'm not sure I understand.  I think it does do something completely
predictable -- choose the key ring entry that matches what's in your
"From" header.  No guessing involved.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#13551: acknowledged by developer (control message for bug #13551)
  2019-09-27 16:12       ` Lars Ingebrigtsen
@ 2019-09-28  1:32         ` Richard Stallman
  2019-09-28 19:47           ` Lars Ingebrigtsen
  0 siblings, 1 reply; 7+ messages in thread
From: Richard Stallman @ 2019-09-28  1:32 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 13551

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I'm not sure I understand.  I think it does do something completely
  > predictable -- choose the key ring entry that matches what's in your
  > "From" header.

We seem to be failing to communicate.  My From header always says
"rms@gnu.org", but we're talking about the address I am sending to --
in the To field.  Is that what you mean?

The behavior that you describe is totally unpredictable for me because
it depends on data I don't know, and have no other reason to know.
When foo@bar.com sends me a key, I don't notice what other addresses
that key covers.  There is no reason to.  And those alternate short
addresses are not listed by epa-list-keys.

If I have a key for 'arthur@gnu.org' and another for
'arthur@berkeley.edu', it is a nuisance for me to check which one, if
either, lists just 'arthur' as an address.  Especially since when I
send mail to 'arthur@gnu.org' I may not even remember I know
'arthur@berkeley.edu'.

When I send mail to just 'arthur', that is equivalent by default to
'arthur@gnu.org'.  I often omit '@gnu.org' knowing this.

Encryption should do the same thing: treat 'arthur' as short for
'arthur@gnu.org'.  That way it will always encrypt for the person that
the mail is going to.

-- 
Dr Richard Stallman
Founder, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)








* bug#13551: acknowledged by developer (control message for bug #13551)
  2019-09-28  1:32         ` Richard Stallman
@ 2019-09-28 19:47           ` Lars Ingebrigtsen
  2019-10-05 13:18             ` Richard Stallman
  0 siblings, 1 reply; 7+ messages in thread
From: Lars Ingebrigtsen @ 2019-09-28 19:47 UTC (permalink / raw)
  To: Richard Stallman; +Cc: 13551

Richard Stallman <rms@gnu.org> writes:

>   > I'm not sure I understand.  I think it does do something completely
>   > predictable -- choose the key ring entry that matches what's in your
>   > "From" header.
>
> We seem to be failing to communicate.  My From header always says
> "rms@gnu.org", but we're talking about the address I am sending to --
> in the To field.  Is that what you mean?

Yes; sorry.

> When I send mail to just 'arthur', that is equivalent by default to
> 'arthur@gnu.org'.  I often omit '@gnu.org' knowing this.
>
> Encryption should do the same thing: treat 'arthur' as short for
> 'arthur@gnu.org'.  That way it will always encrypt for the person that
> the mail is going to.

Emacs cannot possibly know that when you send to "arthur", that that
email will eventually end up going to "arthur@gnu.org".  It could guess,
but guessing in a security context is a no go.

So if you want to send somebody secure messages, you have to tell Emacs
what address the mail is going to: You can't just say "arthur".

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no






* bug#13551: acknowledged by developer (control message for bug #13551)
  2019-09-28 19:47           ` Lars Ingebrigtsen
@ 2019-10-05 13:18             ` Richard Stallman
  0 siblings, 0 replies; 7+ messages in thread
From: Richard Stallman @ 2019-10-05 13:18 UTC (permalink / raw)
  To: Lars Ingebrigtsen; +Cc: 13551

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Emacs cannot possibly know that when you send to "arthur", that that
  > email will eventually end up going to "arthur@gnu.org".

Sure it can.  It could get the domain from mail-host-address.  We
could also create another variable specifically to control this.

The current behavior, as you described it, is not much better
security.  It is unpredictable in practice for the user.  However,
I am not sure how much security issue there is in sending A a message
encrypted for B.  Nobody can decrypt that message.

I have seen reason to think that the current behavior doesn't match
what you described.  I entered "To: rms" and encrypted the message.
It recognized that was me, rms@gnu.org, and encrypted with my key.

It did this even though my key does not list 'rms' with no host name as
an address (as far as I can tell).

gpg --edit-key rms@gnu.org gave me this:

    pub  4096R/2C6464AF2A8E4C02  created: 2013-07-20  expires: never       usage: SC  
	 ...
    sub ...

    [ultimate] (1). Richard Stallman <rms@gnu.org>

If the key had another address, wouldn't it be listed there?

In addition, after I run the encryption command,
plain 'rms' has been edited into 'rms@gnu.org'.  How does it know
to make that change?


-- 
Dr Richard Stallman
Founder, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)
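
The two recipient-resolution policies debated in this thread, side by side, as an added illustration that is not part of any message above and is not Emacs's epa code. The `demo-` functions, the key ids and the keyring contents (including the example.net and example.edu addresses) are constructed assumptions.

```elisp
;;; -*- lexical-binding: t -*-
;; Added illustration, not epa-mail.el code.  Every `demo-' name is
;; hypothetical and the keyring below is constructed sample data.
(require 'cl-lib)

(defvar demo-keyring
  '(("KEY-A" "martin@gnu.org")
    ("KEY-B" "martin@example.net" "martin") ; also lists a bare user ID
    ("KEY-C" "arthur@gnu.org")
    ("KEY-D" "arthur@example.edu"))
  "Constructed keyring: each entry is (KEY-ID USER-ID-ADDRESS...).")

(defun demo-keys-for (address)
  "Return the ids of keys whose user IDs include exactly ADDRESS."
  (cl-loop for (id . uids) in demo-keyring
           when (member-ignore-case address uids)
           collect id))

(defun demo-qualify (recipient default-domain)
  "Append DEFAULT-DOMAIN to RECIPIENT when it has no host part."
  (if (string-match-p "@" recipient)
      recipient
    (concat recipient "@" default-domain)))

(defun demo-resolve (recipient policy &optional default-domain)
  "Resolve RECIPIENT to one key under POLICY, `exact' or `qualify'.
`exact' matches the string as typed; `qualify' first expands a bare
local part with DEFAULT-DOMAIN (a caller could pass the value of
`mail-host-address', as the thread suggests).  Return
\(KEY-ID . ADDRESS-MATCHED), or signal an error when zero or several
keys match, so the caller never encrypts to a silently chosen key."
  (when (and (eq policy 'qualify) (not default-domain))
    (error "Policy `qualify' needs a default domain"))
  (let* ((address (if (eq policy 'qualify)
                      (demo-qualify recipient default-domain)
                    recipient))
         (keys (demo-keys-for address)))
    (pcase (length keys)
      (1 (cons (car keys) address))
      (0 (error "No public key for %s" address))
      (n (error "%d keys match %s; refusing to pick one" n address)))))

;; The two readings of "To: martin" from the thread, side by side.
(list (demo-resolve "martin" 'exact)
      (demo-resolve "martin" 'qualify "gnu.org")
      (condition-case err
          (demo-resolve "arthur" 'exact)
        (error (error-message-string err))))
```

With this constructed keyring, the `exact` policy resolves "martin" to KEY-B (the key that happens to list a bare user ID), `qualify` resolves it to KEY-A via martin@gnu.org, and a bare "arthur" under `exact` is reported as having no key rather than being matched to either arthur.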






