[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: PGP MIME INTERNET DRAFT considered harmful.



On May 22, 11:11pm, Paul Elliott wrote:
} Subject: Re: PGP MIME INTERNET DRAFT considered harmful.
}
} > > Suppose we want to send a signed .gif file to a sysop. The
} > > sysop wants to store the .gif in his download section. Suppose the sysop
} > > wants to store the signature as a detached signature so that people who
} > > download it can check the authorship. But the signature proposed by the
} > > PGP-MIME draft is useless for this purpose. It has MIME headers attached
} > > and it has been base64'ed. People who download such a file from a BBS
} > > have no use for it, unless they have MIME.
} > 
} > [...several other examples deleted...]
} > 
} > PGP/MIME is _not_ meant to be used in this fashion!  It never was!
} > PGP/MIME is only to be used for transport, not for long term storage.
} > If you need a persistent signature, you should generate a detached
} > signature as an attachment.
} 
} It should allow users to use it in such a fashion! PGP MIME should
} respect the wishes of the users! Software should not view users
} as tools to accomplish some goal predetermined by developers, but it
} should rather make it easy for the user to accomplish what the user
} wants!

PGP/MIME is not software!  PGP/MIME is a *spec* for *one part* of what
comprehensive secure email software should provide!  PGP/MIME is not
required to specify the entire software system, and should *not* be
interpreted as limiting the system to only the part it discusses!

I think that's enough exclamation points.  If you want a spec for the
kind of usage described above, one can be created.  Then, if it seems
necessary, yet a third spec can reference both PGP/MIME and your new
spec, and say that a mail system conforming to PGP security standards
shall provide both PGP/MIME and this other usage, and any other that
you happen to think of.  There's no reason to expect PGP/MIME to *be*
that all-encompassing third spec.  That's not what PGP/MIME is for,
which is what Michael has been trying to say all along.

} PGP MIME should allow users to sign those documents the user wishes
} to sign, faithfully transmitting those signatures to the receiver. It
} should not dictate that a user will sign an unintelligible artifact of
} a data transmission system.

Sigh.  The *point* is to use PGP to verify or secure the transmission
system -- not merely to secure the content being transmitted.  How can
that be done without including some "artifact" of the transmission within
the signed or encrypted content?

} > There is also another reason to sign the encoded version.  Remember that
} > it also includes the content headers of that part.  This is very important
} > especially for automated processing of messages.
} 
} The typical user does not necessarily know the difference between
} a .gif and a .jpg file. He only knows he wants to send this pretty picture
} on the screen.
} 
} If Malley ( the active message hacker ) hacks the content-type
} MIME line, all that will happen is that the message to be sent
} to the .gif viewer rather than the .jpg viewer, causing the message
} to be lost. But Malley already had the ability to loose the message,
} after all, he hacked it didn't he? In general, the content type line
} should not be signed.

I put forth this very issue on the IMC resolving-security mailing list
some weeks ago.  I encourage anyone who wasn't involved in the IMC
secure email discussions to check out the archive at:

    http://www.imc.org/workshop/mail-archive/

Briefly, the important thing to remember is that the content type is
not the only interesting thing that may appear in the MIME headers.
The headers may include checksums, part identifiers for external parts,
and so on.  There *is* a difference between securing a MIME body part
and securing the data contained in the part; RFC1847 applies in those
cases where securing the body part is important, and PGP/MIME applies
when you want to use PGP as the security mechanism.  That's it.

} If some technically advanced user wants to sign the content-type
} line, his wishes should be accommodated. But it should not be made
} a requirement that technically unsophisticated users attest to things
} they have no hope of understanding!

By that argument, users shouldn't be signing GIF or JPEG images either,
unless they know they're not just a pretty picture.

However, the thing to wrap your brain around is that IT IS NOT BEING
MADE A REQUIREMENT that the MIME headers be signed.  PGP/MIME specifies
*how* you sign (or encrypt) the MIME headers along with the content
*when that is the intent*.

The non-technical user doesn't need to know what the headers he's
signing are, any more than he needs to be able to read GIF format.
He does need to understand whether he's signing a simple data object
or a specific transmission of that object.  That's up to his software
to make clear, but it's *not* up to the PGP/MIME specification.

} I have gotten the impression that you guys have stopped listening.

So far all your arguments seem predicated on misunderstanding of the 
goals and scope of the thing you're arguing against.  That makes *us*
the ones who've stopped listening?

} In the future, other binary transports will become more common.
} 7 bit datapaths will become less common.
} Pressure will build for PGP MIME to support binary datapaths.
} 
} PGP MIME will have to go through a complicated migration path
} to phase in this transition. All this complexity can be avoided by
} doing the right thing now.

Actually, the migration path is simple, obvious, and almost completely
compatible with the current specification.  The only migration required
is to lift the 7-bit constraint in PGP/MIME section 3, and to apply the
<CR><LF> canonicalization in section 5 only to parts whose C-T-E is not
`binary'.

Michael, what do you think about adding a remark about handling of
the `binary' C-T-E to section 5, with the stipulation that it is there
in anticipation of a future version of the protocol?  The section 3
restriction is obviously desirable at this time, but a lot of spurious
objections might go away if the transition plan were laid out.

-- 
Bart Schaefer                     Vice President, Technology, Z-Code Software
[email protected]                  Division of NCD Software Corporation
http://www.well.com/www/barts           http://www.ncdsoft.com/ZMail/