Content filtering breaks some PGP Mime signed messages.
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
GNU Mailman |
Fix Released
|
Medium
|
Mark Sapiro |
Bug Description
In some cases it is inevitable that Mailman's content filtering will break a PGP MIME signature. I.e., if content filtering removes signed content, the signature will be broken.
For example, assume an original message is multipart/
These are inevitable results of content filtering, and content filtering should override signature preservation or people could avoid having their content filtered just by signing their posts.
There is however a situation that has developed where signature breaking can be avoided. The latest (at the time of writing) versions of enigmail will sign a message in the following way. Assume the original unsigned message is just text/plain. It could be more complex, but the following still holds.
The text/plain (or whatever) message is first recast as multipart mixed like:
Content-Type: multipart/mixed; boundary="bbbbbb"
From: (Original from)
To: (Original to)
Message-ID: (original message-id)
Subject: (original subject)
--bbbbbb
Content-Type: (original message's content-type)
Content-
(remainder of original message)
--bbbbbb--
Then the signed message is created with structure
multipart/signed
multipart/mixed
text/plain (or whatever the original was)
application
(signature of the multipart/mixed part)
The problem is Mailman has logic to detect multipart parts with only one sub-part and collapse them to just the sub-part, so in this case, even though content filtering doesn't remove anything, it still collapses the above to
multipart/signed
text/plain (or whatever the original was)
(original message)
application
(signature of the multipart/mixed part)
and the signature is no longer valid. This can be fixed by short-circuiting the "collapse multipart parts with only one sub-part" logic when encountering a multipart/signed part and not collapsing anything below it.
Related branches
Changed in mailman: | |
status: | In Progress → Fix Committed |
Changed in mailman: | |
status: | Fix Committed → Fix Released |