Hi Kurt,

On Thu, Apr 18, 2024 at 08:38:29PM -0400, Kurt Hackenberg wrote:
> On Thu, Apr 18, 2024 at 06:37:50PM +0200, Alejandro Colomar wrote:
> 
> > I reported around a month ago a couple of security vulnerabilities to
> > neomutt(1), but which are also present in mutt(1) and every MUA
> 
> So the main security vulnerability is that a recipient can tamper with
> header fields, and then reuse the message in some way, perhaps resend it?
> And you propose to cryptographically sign certain headers to detect
> tampering?

Yes.  And as Kevin pointed out, mutt(1) is already doing this.  It just
doesn't show it on the receiving side (I can't understand why).  So, at
least someone else thought in the past that it was a good idea too.

> Signing header fields sounds reasonable, but I don't entirely like an
> implementation that puts a copy of them in the message body, to be covered
> by GPG.  I'd prefer something more direct, that signs headers without
> copying them or modifying the message body.
> 
> DKIM already exists, and signs header fields.  It publishes a key through
> DNS, and so is used by the administrator of the sending domain rather than
> by the end user.  Is that acceptable?
> 
> Email authentication: <https://en.wikipedia.org/wiki/Email_authentication>
> 
> DKIM: <https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail>

I don't much trust anything not covered by GPG.  And, as said, we
don't need to patch mutt(1) to add this protection.  Only to use it on
the receiving side, which should be simple.

Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>

Attachment: signature.asc
Description: PGP signature
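
An added example (not code from this thread or from mutt): a receiving-side check that compares the outer header fields with the copies carried inside the GPG-signed part, as discussed in the message above. It assumes the signed part carries its own From/To/Cc/Subject/Date lines and that the signature itself is verified separately with GPG; the function name, field list and sample message are constructed for the illustration.

```python
from email import message_from_string

# Header fields compared between the outer message and the signed part
# (this list is an assumption of the example, not taken from mutt).
CHECKED = ("From", "To", "Cc", "Subject", "Date")

def header_mismatches(raw):
    """Return {field: (outer, signed)} for fields whose signed copy differs."""
    msg = message_from_string(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not a multipart/signed message")
    signed_part = msg.get_payload()[0]  # first child is the signed content
    diffs = {}
    for name in CHECKED:
        signed = signed_part.get(name)
        if signed is None:
            continue  # no signed copy of this field, nothing to compare
        outer = msg.get(name)
        # Compare with whitespace collapsed so header folding is ignored.
        if outer is None or " ".join(outer.split()) != " ".join(signed.split()):
            diffs[name] = (outer, signed)
    return diffs

# Constructed sample: the outer Subject was altered after signing, while the
# copy inside the signed part still has the sender's original value.
SAMPLE = """\
From: alice@example.org
To: bob@example.org
Subject: Re: budget approved
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="b1"

--b1
Content-Type: text/plain; charset=utf-8
From: alice@example.org
To: bob@example.org
Subject: Re: budget draft

See you there.

--b1
Content-Type: application/pgp-signature; name="signature.asc"

(constructed placeholder, not a real signature)

--b1--
"""
```

A reader would only trust the signed values after the GPG signature over the first part has verified; a non-empty result means the displayed headers differ from what the sender signed.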
