On Thu, Apr 18, 2024 at 06:37:50PM +0200, Alejandro Colomar wrote:
I reported around a month ago a couple of security vulnerabilities to neomutt(1), but which are also present in mutt(1) and every MUA
So the main security vulnerability is that a recipient can tamper with header fields, and then reuse the message in some way, perhaps resend it? And you propose to cryptographically sign certain headers to detect tampering?
Signing header fields sounds reasonable, but I don't entirely like an implementation that puts a copy of them in the message body, to be covered by GPG. I'd prefer something more direct, that signs headers without copying them or modifying the message body.
DKIM already exists, and signs header fields. It publishes a key through DNS, and so is used by the administrator of the sending domain rather than by the end user. Is that acceptable?
Email authentication: <https://en.wikipedia.org/wiki/Email_authentication> DKIM: <https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail>
