From mboxrd@z Thu Jan 1 00:00:00 1970
From: Jens Lechtenboerger
Newsgroups: gmane.emacs.bugs
Subject: bug#18718: Encrypted messages expose Bcc identities
Date: Sun, 27 Dec 2015 16:51:40 +0100
Message-ID: <8760zjyjn7.fsf@informationelle-selbstbestimmung-im-internet.de>
References: <86y4sitzcx.fsf@informationelle-selbstbestimmung-im-internet.de> <8737uoq4gj.fsf@gnus.org>
In-Reply-To: <8737uoq4gj.fsf@gnus.org> (Lars Ingebrigtsen's message of "Sat, 26 Dec 2015 22:34:36 +0100")
To: Lars Ingebrigtsen
Cc: 18718@debbugs.gnu.org
X-GNU-PR-Message: followup 18718
X-GNU-PR-Package: emacs,gnus
X-GNU-PR-Keywords: security
OpenPGP: id=0xA142FD84; url=http://www.informationelle-selbstbestimmung-im-internet.de/A142FD84.asc
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/25.1.50 (gnu/linux)
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=
Content-Type: text/plain; charset=utf-8

On 2015-12-26, at 22:34, Lars Ingebrigtsen wrote:

> Jens Lechtenboerger writes:
>
>> 4. Send an encrypted e-mail to yourself, with one To address and one
>>    Bcc address.  Read the mail received under the To address, where
>>    you should not be able to identify the Bcc recipient.
>>    Note that buffer *epg-debug* mentions that the message was
>>    encrypted to two keys (including both key IDs and e-mail
>>    addresses).  The Bcc recipient is clearly visible.
>
> [...]
>
>> On 2014-09-21 I posted some suggestions to the ding mailing list
>> concerning my package DefaultEncrypt, which contains a workaround.
>
> Would it be possible for you to create a patch for this against the
> version of Message in 25.1?

A patch is attached.  The new function mml-secure-bcc-is-safe does
nothing on its own but can be added to message-send-hook or called
from message-send and friends.

Concerning documentation: I’m currently involved in a refactoring
effort for encryption related functionality, which takes place in
the Gnus git under branch mml-refactoring.  There, Message
documentation is already extended with a section “Bcc Warning”
which could be extended.  (Also, gnus-subsetp, which is part of this
patch, is already present in the branch mml-refactoring.)

Best wishes
Jens

--=-=-=
Content-Type: text/x-diff
Content-Disposition: inline; filename=0001-Identify-unsafe-combinations-of-Bcc-and-encryption.patch

>From f9fb01a6b013963e0d8021b5da587cc548c1ea9a Mon Sep 17 00:00:00 2001
From: Jens Lechtenboerger Date: Sun, 27 Dec 2015 16:29:02 +0100 Subject: [PATCH] Identify unsafe combinations of Bcc and encryption --- ChangeLog.2 | 8 ++++++++ lisp/gnus/gnus-util.el | 10 ++++++++++ lisp/gnus/mml-sec.el | 46 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 64 insertions(+) diff --git a/ChangeLog.2 b/ChangeLog.2 index 6d72663..971a3b5 100644 --- a/ChangeLog.2 +++ b/ChangeLog.2 @@ -1,3 +1,11 @@ +2015-12-27 Jens Lechtenboerger + + Identify unsafe combinations of Bcc and encryption + + * lisp/gnus/gnus-util.el (gnus-subsetp): New function + * lisp/gnus/mml-sec.el (mml-secure-safe-bcc-list): New variable + * lisp/gnus/mml-sec.el (mml-secure-bcc-is-safe): New function + 2015-12-27 Lars Ingebrigtsen * shr.el (shr-descend): Allow using lambdas in external functions. diff --git a/lisp/gnus/gnus-util.el b/lisp/gnus/gnus-util.el index 40e2dcf..933387d 100644 --- a/lisp/gnus/gnus-util.el +++ b/lisp/gnus/gnus-util.el @@ -1989,6 +1989,16 @@ to case differences." (defun gnus-timer--function (timer) (elt timer 5))) +(defun gnus-subsetp (list1 list2) + "Return t if LIST1 is a subset of LIST2. +Similar to `subsetp' but use member for element test so that this works for +lists of strings." + (when (and (listp list1) (listp list2)) + (if list1 + (and (member (car list1) list2) + (gnus-subsetp (cdr list1) list2)) + t))) + (provide 'gnus-util) ;;; gnus-util.el ends here diff --git a/lisp/gnus/mml-sec.el b/lisp/gnus/mml-sec.el index 45da937..dbae280 100644 --- a/lisp/gnus/mml-sec.el +++ b/lisp/gnus/mml-sec.el 
@@ -122,6 +122,21 @@ Whether the passphrase is cached at all is controlled by :group 'message :type 'integer) +(defcustom mml-secure-safe-bcc-list nil + "List of e-mail addresses that are safe to use in Bcc headers. +EasyPG encrypts e-mails to Bcc addresses, and the encrypted e-mail +by default identifies the used encryption keys, giving away the +Bcc'ed identities. Clearly, this contradicts the original goal of +*blind* copies. +For an academic paper explaining the problem, see URL +`http://crypto.stanford.edu/portia/papers/bb-bcc.pdf'. +Use this variable to specify e-mail addresses whose owners do not +mind if they are identifiable as recipients. This may be useful if +you use Bcc headers to encrypt e-mails to yourself." + :version "25.1" + :group 'message + :type '(repeat string)) + ;;; Configuration/helper functions (defun mml-signencrypt-style (method &optional style) 
@@ -272,6 +287,37 @@ Use METHOD if given. Else use `mml-secure-method' or (interactive) (mml-secure-part "smime")) +(defun mml-secure-is-encrypted-p () + "Check whether secure encrypt tag is present." + (save-excursion + (goto-char (point-min)) + (re-search-forward + (concat "^" (regexp-quote mail-header-separator) "\n" + "<#secure[^>]+encrypt") + nil t))) + +(defun mml-secure-bcc-is-safe () + "Check whether usage of Bcc is safe (or absent). +Bcc usage is safe in two cases: first, if the current message does +not contain an MML secure encrypt tag; +second, if the Bcc addresses are a subset of `mml-secure-safe-bcc-list'. +In all other cases, ask the user whether Bcc usage is safe. +Raise error if user answers no. +Note that this function does not produce a meaningful return value: +either an error is raised or not." + (when (mml-secure-is-encrypted-p) + (let ((bcc (mail-strip-quoted-names (message-fetch-field "bcc")))) + (when bcc + ;; Split recipients at "," boundary, omit empty strings (t), + ;; and strip whitespace. + (let ((bcc-list (split-string hdr "," t "\\s-+"))) + (unless (gnus-subsetp bcc-list mml-secure-safe-bcc-list) + (unless (yes-or-no-p "Message for encryption contains Bcc header.\ + This may give away all Bcc'ed identities to all recipients.\ + Are you sure that this is safe?\ + (Customize `mml-secure-safe-bcc-list' to avoid this warning.) ") + (error "Aborted")))))))) + ;; defuns that add the proper <#secure ...> tag to the top of the message body (defun mml-secure-message (method &optional modesym) (let ((mode (prin1-to-string modesym)) -- 1.9.1 --=-=-=--
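
Review bot: In the ChangeLog.2 hunk, the new entry names gnus-subsetp, mml-secure-safe-bcc-list and mml-secure-bcc-is-safe but omits mml-secure-is-encrypted-p, which the second lisp/gnus/mml-sec.el hunk also adds. Add it, and fold the two mml-sec.el lines into a single file entry with "(mml-secure-safe-bcc-list): New variable." followed by "(mml-secure-is-encrypted-p, mml-secure-bcc-is-safe): New functions." The three added lines also lack the closing full stop that the neighbouring "* shr.el (shr-descend): Allow using lambdas in external functions." entry has.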
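
Review bot: In the lisp/gnus/gnus-util.el hunk, gnus-subsetp calls itself once per element of LIST1 inside an and form, and Emacs Lisp does not eliminate such calls, so a sufficiently long LIST1 hits max-lisp-eval-depth. A while loop over LIST1 that stops at the first element not found by member in LIST2 returns the same result without the depth limit. The docstring should also state that nil is returned when either argument is not a list, since "Return t if LIST1 is a subset of LIST2" does not cover that branch, and should quote `member' the way it quotes `subsetp'.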
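
Review bot: In the first lisp/gnus/mml-sec.el hunk, the docstring of mml-secure-safe-bcc-list does not say in which form addresses must be entered, although the check in mml-secure-bcc-is-safe compares them through gnus-subsetp, that is, with member on strings. An entry therefore matches only if it equals the stripped Bcc address character for character, including letter case. Either document that entries are bare addresses compared exactly, or normalise both sides (for example with downcase) before the comparison. A mismatch only produces an extra prompt, so the failure is on the safe side, but the reason for the prompt will not be obvious to someone who has customised the list.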
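
Review bot: In the second lisp/gnus/mml-sec.el hunk, mml-secure-bcc-is-safe evaluates (split-string hdr "," t "\\s-+"), but hdr is never bound; the enclosing let binds the stripped header to bcc, so for an encrypted message with a Bcc header the function fails with a void-variable error instead of reaching the prompt. Replace hdr with bcc. Separately, mml-secure-is-encrypted-p only matches a "<#secure" tag containing "encrypt" on the line directly after mail-header-separator, and its docstring should state that scope so callers know which messages the Bcc check covers. Since nothing in the patch calls mml-secure-bcc-is-safe, its docstring should also mention that it is meant to be added to message-send-hook, as the cover message says.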