Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 15 May 2018 17:40:04 +1000
From: Brian May <>
To: Yves-Alexis Perez <>,
Subject: Re: PGP/MIME and S/MIME mail clients vulnerabilities

Yves-Alexis Perez <> writes:

> So, as far as I can tell, in that attack scenario (where the attacker has
> read/write access to encrypted mails):
> - S/MIME is completely broken at the protocol level since it has no way to
> defend against blind modification. Only mitigation for the clients are to
> prevent HTML mails and/or prevent loading of external resources. There might
> be other avenues to exploit the vulnerability in the future though.
> - PGP/MIME is a bit safer because the OpenPGP format compresses plaintext
> before encryption (which makes it harder for the attacker) and has some kind
> of authenticated (symmetric) encryption (the MDC), which helps gnupg detects
> modifications to the cyphertext. Most mail clients properly handle gnupg hints
> when something went wrong but the external interface is a bit fragile (gnupg
> will still output the cleartext, for example). One exception is apparently
> Thunderbird with enigmail before 2.0.0, but this is now fixed (I didn't find
> the proper commit yet). Again, not displaying HTML mails and not allowing
> remote content loading can help, but other “backchannels” might be found in
> the future.

Have a look at some official statements on this:


For the case of PGP it sounds like the only problems occur when mail
clients ignore the GPG hints.

For S/MIME, it does sound like the standard is broken and needs fixing.

If I understand this correctly, the "Direct Exfiltration" is an attack
that doesn't require modifying the encrypted data - so presumably the
MDC in PGP won't help. To me this sounds like a email client problem
(allowing mixing encrypted and encrypted data in the one HTML document
seems like a very bad idea), but the page says the
standards need to be updated to fix this.
Brian May <>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ