[Enigmail] spoofability of inline-signed messages in enigmail
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Tue May 5 09:26:46 PDT 2009
When enigmail encounters an inline PGP signature, it replaces the header
and footer with: "********* *BEGIN ENCRYPTED or SIGNED PART* *********"
and "********** *END ENCRYPTED or SIGNED PART* **********" lines.

But these injections seem dubious due to their spoofability. For
example, what's to stop an attacker from writing a cleartext message
that includes the same literal header and footer, and then appending a
legitimately inline-signed message to that? In this modern era of
cruft-ridden top-posting, it would be pretty easy to sneak a copy of a
small, signed post by a given author somewhere into the body of the
forged message, and then to explicitly place the "*BEGIN ENCRYPTED or
SIGNED PART*" wrappers around text that you want to claim the person signed.

So if Dave wants to steal Alice's pet dog, he might send the following
forged message to the kennel holding the dog:
====8<====8<====8<====8<====8<====8<====8<====8<====8<====
From: Alice <alice at example.org>
To: Kennel <kennel at example.com>
Content-Type: text/plain; charset="us-ascii"

********* *BEGIN ENCRYPTED or SIGNED PART* *********
I, Alice, agree that Dave can take my pet spaniel since he promised to
take good care of him.
********** *END ENCRYPTED or SIGNED PART* **********

Dave wrote:

Alice, i wish you would reconsider. I'll take good care of him, please!

Alice wrote earlier:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dave, i'd really rather not part with my pet spaniel.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEVAw33edsfencOpHodsOiwAQiCEAf/dSfhiQgqbkLedJYuyRweZIzMVj+FgobL
Iaweg34g34sD4e7o8aYS8B6zVSLVMqHXOn+SqQG5lx1Sw2duptnHdB1iMYEAczmK
TJFpfP+LDnYgeNMQSU+qiRJirERiGtHnLi8LULTvFJlBhhPZNi4Wnh/SqTZdnIB4
tGF57MsNuGGFvcsdFxvrV1J0ttAaa+aSk/ZKqlEV5XlpAL7ntMbs8H7tctGK4GLW
ZvlTjUv+FR9iJB/McvXG+p5GQnp29Kiaf2EviK2MRR0fYshE/qxiwa/hAAudR4rI
cS/EEqaOFftqJknufZaYSLOHpSijo72EDNltVmTf/9XJXpqdM196FA==
=jjBc
-----END PGP SIGNATURE-----
====8<====8<====8<====8<====8<====8<====8<====8<====8<====
If the kennel at example.com is using enigmail to verify messages from
Alice, they may very well end up participating in a terrible dognapping
scheme!

Is there a way to avoid this kind of spoofing in the enigmail UI somehow?

--dkg
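The spoofing described in the post, as an added example that is not Enigmail's own code: a naive renderer that swaps the PGP armor lines for the in-text marker lines exactly as the post describes, a helper that returns what a reader would take to be "the signed part(s)" of the rendered text, and one mitigation that defangs any marker look-alike line in the untrusted body before the real markers are inserted. No OpenPGP verification is performed; the example assumes the armored block has already been verified and looks only at the display layer. The marker strings are copied from the post; the forged message, the elided signature data, the `[not a marker]` prefix and all function names are constructed for illustration.

```javascript
// Added example, not Enigmail code. Models in-text "signed part" markers and
// how a message author can forge them, plus a display-layer mitigation.
// Assumption: the armored block was already verified; no crypto is done here.

const BEGIN_MARKER = "********* *BEGIN ENCRYPTED or SIGNED PART* *********";
const END_MARKER   = "********** *END ENCRYPTED or SIGNED PART* **********";

const ARMOR_START = "-----BEGIN PGP SIGNED MESSAGE-----";
const SIG_START   = "-----BEGIN PGP SIGNATURE-----";
const SIG_END     = "-----END PGP SIGNATURE-----";

// Naive renderer: the armor header and its "Hash:" lines become BEGIN_MARKER,
// the whole signature block becomes END_MARKER, everything else is kept
// verbatim. Dash-escaping of signed lines is ignored for brevity.
function renderNaive(body) {
  const lines = body.split("\n");
  const out = [];
  let i = 0;
  while (i < lines.length) {
    const line = lines[i];
    if (line === ARMOR_START) {
      out.push(BEGIN_MARKER);
      i++;
      while (i < lines.length && lines[i] !== "") i++; // skip "Hash: ..." headers
      i++;                                             // skip the blank separator
      continue;
    }
    if (line === SIG_START) {
      out.push(END_MARKER);
      while (i < lines.length && lines[i] !== SIG_END) i++;
      i++;
      continue;
    }
    out.push(line);
    i++;
  }
  return out.join("\n");
}

// What a human reader of the rendered text would believe was signed:
// every run of lines between a BEGIN_MARKER line and an END_MARKER line.
function claimedSignedParts(rendered) {
  const parts = [];
  let current = null;
  for (const line of rendered.split("\n")) {
    if (line === BEGIN_MARKER) { current = []; continue; }
    if (line === END_MARKER && current !== null) {
      parts.push(current.join("\n"));
      current = null;
      continue;
    }
    if (current !== null) current.push(line);
  }
  return parts;
}

// Loose match so an attacker cannot dodge the check with a slightly different
// number of asterisks or extra whitespace.
const MARKER_LOOKALIKE =
  /^[\s*]*\*?(BEGIN|END)\s+ENCRYPTED\s+or\s+SIGNED\s+PART\*?[\s*]*$/i;

// Mitigation: neutralise marker look-alikes in the untrusted body first, then
// insert the real markers. The defanged line stays visible but can no longer
// be confused with a marker the renderer itself produced.
function renderHardened(body) {
  const defanged = body
    .split("\n")
    .map((line) => (MARKER_LOOKALIKE.test(line) ? "[not a marker] " + line : line))
    .join("\n");
  return renderNaive(defanged);
}

// Constructed sample: Dave's forged message from the post, with the base64
// signature data elided (it is never parsed here).
const FORGED_BODY = [
  BEGIN_MARKER,
  "I, Alice, agree that Dave can take my pet spaniel since he promised to",
  "take good care of him.",
  END_MARKER,
  "",
  "Dave wrote:",
  "Alice, i wish you would reconsider. I'll take good care of him, please!",
  "",
  "Alice wrote earlier:",
  ARMOR_START,
  "Hash: SHA256",
  "",
  "Dave, i'd really rather not part with my pet spaniel.",
  SIG_START,
  "Version: GnuPG v2.0.11 (GNU/Linux)",
  "",
  "(signature data elided in this constructed sample)",
  "=jjBc",
  SIG_END,
].join("\n");

const REAL_SIGNED_TEXT = "Dave, i'd really rather not part with my pet spaniel.";
```

With `renderNaive`, `claimedSignedParts` returns two parts and the first is the text Alice never signed; with `renderHardened` it returns only the genuinely signed sentence. Defanging is a minimal fix; moving the signed/unsigned indication out of the text body entirely (into UI chrome the message cannot write to) removes the ambiguity rather than just narrowing it.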