From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: "Örjan Ekeberg" <ekeberg@kth.se>,
"Ralph Seichter" <abbot@monksofcool.net>,
notmuch@notmuchmail.org
Subject: Re: feature request: caching message arrival time
Date: Mon, 03 Jun 2019 18:21:19 -0400 [thread overview]
Message-ID: <875zpmgvj4.fsf@fifthhorseman.net> (raw)
In-Reply-To: <87imtmpsgi.fsf@swing.csc.kth.se>
[-- Attachment #1: Type: text/plain, Size: 1129 bytes --]
On Mon 2019-06-03 18:02:53 +0200, Örjan Ekeberg wrote:
> As far as I understand the autocrypt protocol (i.e. not much;-) ), the
> vulnerability is that an incoming message with a later time-stamp than
> the locally saved autocrypt status can update the stored state
> (e.g. turn off encryption). Manipulating the time-stamp to make the
> message appear to be *older* than it really is should only mean that it is
> less likely to update the saved state?
>
> If this is correct, using the oldest of all the time-stamps seen in the
> Date-header and any of the Received-headers should be the most
> defensive.
It's the most defensive against one form of attack: forging e-mails
intended to update the user's Autocrypt state about a given peer.
But another form of attack is also possible: convincing the user to
*not* update their Autocrypt state about a given peer, while leaving the
original message otherwise plausible and intact, thereby raising no
suspicions about delivery problems.
I'd like notmuch's Autocrypt implementation to try to defend against
either attack where possible.
--dkg
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]
prev parent reply other threads:[~2019-06-04 8:15 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-06-01 3:29 feature request: caching message arrival time Daniel Kahn Gillmor
2019-06-01 14:13 ` David Bremner
2019-06-01 14:19 ` Ralph Seichter
2019-06-01 15:30 ` Daniel Kahn Gillmor
2019-06-03 8:57 ` Örjan Ekeberg
2019-06-03 13:17 ` Daniel Kahn Gillmor
2019-06-03 14:02 ` Ralph Seichter
2019-06-03 22:16 ` Daniel Kahn Gillmor
2019-06-03 16:02 ` Örjan Ekeberg
2019-06-03 22:21 ` Daniel Kahn Gillmor [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=875zpmgvj4.fsf@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=abbot@monksofcool.net \
--cc=ekeberg@kth.se \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).