GNU bug report logs - #13551
24.3.50; epa-mail-encrypt chooses wrong key

Previous Next

To reply to this bug, email your comments to 13551 AT debbugs.gnu.org.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: bug-gnu-emacs <at> gnu.org
Subject: 24.3.50; epa-mail-encrypt chooses wrong key
Date: Fri, 25 Jan 2013 16:32:31 -0500

I have a public key for martin <at> gnu.org and a key for another martin at
another host.  When I encrypt a message to `martin' -- which means, in
my case, `martin <at> gnu.org' -- epa-mail-encrypt picks the other martin.

epa needs to know the default mail hostname so as to pick the correct
Martin.  It can get that from the value of user-mail-address, and
maybe have other ways to specify it.




In GNU Emacs 24.3.50.1 (mips64el-unknown-linux-gnu, GTK+ Version 2.12.12)
 of 2013-01-03 on chiefs-gnewsense
Bzr revision: 111408 rgm <at> gnu.org-20130103023757-9p8awd7j9mkf0ike
System Description:	Debian GNU/Linux 6.0.6 (squeeze)

Configured using:
 `configure CFLAGS=-O0 -g --with-gif=no --with-tiff=no --no-create
 --no-recursion'

Important settings:
  value of $LANG: en_US.UTF-8
  locale-coding-system: utf-8-unix
  default enable-multibyte-characters: t

Major mode: Mail

Minor modes in effect:
  gpm-mouse-mode: t
  tooltip-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t
  line-number-mode: t
  transient-mark-mode: t
  abbrev-mode: t

Recent input:
C-x b o u t g TAB RET g e ESC x e p a d RET y C-n C-n 
C-n C-p C-e @ g n u . o r g ESC x e p a SPC m a i l 
SPC e n c TAB RET y y y C-x C-s C-c C-s y C-x b o u 
t g TAB RET g C-p e C-x b o u t - 2 9 RET C-_ ESC DEL 
ESC DEL DEL ESC x e p a SPC m a i l SPC e n TAB RET 
y y C-x 4 b RET C-x o C-x k RET y e s RET ESC x r e 
p o r t SPC e m a c s SPC b u g RET

Recent messages:
Saving file /home/rms/outgoing/out-29...
Wrote /home/rms/outgoing/out-29
Send buffer contents as mail message? (y or n)  y
Sending...
Wrote /home/rms/outgoing/out-30
Sending...done
Undo!
No public key for rms-response-1w <at> gnu.org; skip it? (y or n)  y
No public key for rms-outgoing <at> gnu.org; skip it? (y or n)  y
Encrypting...done

Load-path shadows:
None found.

Features:
(shadow emacsbug mailalias epa-mail epa derived epg epg-config rmailmm
message sendmail format-spec rfc822 mml easymenu mml-sec mm-decode
mm-bodies mm-encode mailabbrev gmm-utils mailheader mail-parse rfc2231
dired t-mouse time-date rmailedit rmail rfc2047 rfc2045 ietf-drums
mm-util mail-prsvr mail-utils paren cus-start cus-load nadvice advice
help-fns tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win
x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list
newcomment lisp-mode register page menu-bar rfn-eshadow timer select
scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet
lao korean japanese hebrew greek romanian slovak czech european
ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook
help simple abbrev minibuffer loaddefs button faces cus-face macroexp
files text-properties overlay sha1 md5 base64 format env code-pages
mule custom widget hashtable-print-readable backquote
make-network-process dbusbind dynamic-setting system-font-setting
font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs)

-- 
Dr Richard Stallman
President, Free Software Foundation
51 Franklin St
Boston MA 02110
USA
www.fsf.org  www.gnu.org
Skype: No way! That's nonfree (freedom-denying) software.
  Use Ekiga or an ordinary phone call

Message #8 received at 13551 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Richard Stallman <rms <at> gnu.org>
Cc: 13551 <at> debbugs.gnu.org
Subject: Re: bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key
Date: Mon, 23 Sep 2019 18:40:49 +0200

Richard Stallman <rms <at> gnu.org> writes:

> I have a public key for martin <at> gnu.org and a key for another martin at
> another host.  When I encrypt a message to `martin' -- which means, in
> my case, `martin <at> gnu.org' -- epa-mail-encrypt picks the other martin.
>
> epa needs to know the default mail hostname so as to pick the correct
> Martin.  It can get that from the value of user-mail-address, and
> maybe have other ways to specify it.

I don't think any security-related software should be guessing based on
incomplete email addresses.  As far as I can tell, it requires a
complete match, which I guess means you have a key for "martin" (without
a domain name) in your key ring.

Choosing this is the right thing to do, I think, so I'm closing this bug
report.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #15 received at 13551 <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: 13551 <at> debbugs.gnu.org
Subject: Re: bug#13551 acknowledged by developer
 (control message for bug #13551)
Date: Fri, 27 Sep 2019 07:05:06 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I don't think any security-related software should be guessing based on
  > incomplete email addresses.  As far as I can tell, it requires a
  > complete match, which I guess means you have a key for "martin" (without
  > a domain name) in your key ring.

That is totally unpredictable _for the user sending a reply_.
There are various possible ok things to do, but not that.

Please make this case do something predictable.

-- 
Dr Richard Stallman
Founder, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Message #18 received at 13551 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Richard Stallman <rms <at> gnu.org>
Cc: 13551 <at> debbugs.gnu.org
Subject: Re: bug#13551: acknowledged by developer (control message for bug
 #13551)
Date: Fri, 27 Sep 2019 18:12:22 +0200

Richard Stallman <rms <at> gnu.org> writes:

> [[[ To any NSA and FBI agents reading my email: please consider    ]]]
> [[[ whether defending the US Constitution against all enemies,     ]]]
> [[[ foreign or domestic, requires you to follow Snowden's example. ]]]
>
>   > I don't think any security-related software should be guessing based on
>   > incomplete email addresses.  As far as I can tell, it requires a
>   > complete match, which I guess means you have a key for "martin" (without
>   > a domain name) in your key ring.
>
> That is totally unpredictable _for the user sending a reply_.
> There are various possible ok things to do, but not that.
>
> Please make this case do something predictable.

I'm not sure I understand.  I think it does do something completely
predictable -- choose the key ring entry that matches what's in your
"From" header.  No guessing involved.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #21 received at 13551 <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 13551 <at> debbugs.gnu.org
Subject: Re: bug#13551: acknowledged by developer (control message for bug
 #13551)
Date: Fri, 27 Sep 2019 21:32:21 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > I'm not sure I understand.  I think it does do something completely
  > predictable -- choose the key ring entry that matches what's in your
  > "From" header.

We seem to be failing to commnuicate.  My From header always says
"rms <at> gnu.org", but we're talking about the address I am sending to --
in the To field.  Is that what you mean?

The behavior that you describe is totally unpredictable for me because
it depends on data I don't know, and have no other reason to know.
When foo <at> bar.com sends me a key, I don't notice what other addresses
that key covers.  There is no reason to.  And those alternate short
addresses are not listed by epa-list-keys.

If I have a key for 'arthur <at> gnu.org' and another for
'arthur <at> berkeley.edu', it is a nuisice for me to check which one, if
either, lists just 'arthur' as an address.  Especially since when I
send mail to 'arthur <at> gnu.org' I may not even remember I know
'arthur <at> berkeley.edu'.

When I send mail to just 'arthur', that is equivalent by default to
'arthur <at> gnu.org'.  I often omit '@gnu.org' knowing this.

Encryption should do the same thing: treat 'arthur' as short for
'arthur <at> gnu.org'.  That way it will always encrypt for the person that
the mail is going to.

-- 
Dr Richard Stallman
Founder, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Message #24 received at 13551 <at> debbugs.gnu.org (full text, mbox):

From: Lars Ingebrigtsen <larsi <at> gnus.org>
To: Richard Stallman <rms <at> gnu.org>
Cc: 13551 <at> debbugs.gnu.org
Subject: Re: bug#13551: acknowledged by developer (control message for bug
 #13551)
Date: Sat, 28 Sep 2019 21:47:13 +0200

Richard Stallman <rms <at> gnu.org> writes:

>   > I'm not sure I understand.  I think it does do something completely
>   > predictable -- choose the key ring entry that matches what's in your
>   > "From" header.
>
> We seem to be failing to commnuicate.  My From header always says
> "rms <at> gnu.org", but we're talking about the address I am sending to --
> in the To field.  Is that what you mean?

Yes; sorry.

> When I send mail to just 'arthur', that is equivalent by default to
> 'arthur <at> gnu.org'.  I often omit '@gnu.org' knowing this.
>
> Encryption should do the same thing: treat 'arthur' as short for
> 'arthur <at> gnu.org'.  That way it will always encrypt for the person that
> the mail is going to.

Emacs cannot possibly know that when you send to "arthur", that that
email will eventually end up going to "arthur <at> gnu.org".  It could guess,
but guessing in an security context is a no go.

So if you want to send somebody secure messages, you have to tell Emacs
what address the mail is going to: You can't just say "arthur".

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

Message #27 received at 13551 <at> debbugs.gnu.org (full text, mbox):

From: Richard Stallman <rms <at> gnu.org>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: 13551 <at> debbugs.gnu.org
Subject: Re: bug#13551: acknowledged by developer (control message for bug
 #13551)
Date: Sat, 05 Oct 2019 09:18:38 -0400

[[[ To any NSA and FBI agents reading my email: please consider    ]]]
[[[ whether defending the US Constitution against all enemies,     ]]]
[[[ foreign or domestic, requires you to follow Snowden's example. ]]]

  > Emacs cannot possibly know that when you send to "arthur", that that
  > email will eventually end up going to "arthur <at> gnu.org".

Sure it can.  It could get the domain from mail-host-address.  We
could also create another variable specifically to control this.

The current behavior, as you described it, is not much better
security.  It is unpredictable in practice for the user.  However,
I am not sure how much security issue there is in sending A a message
encrypted for B.  Nobody can decrypt that message.

I have seen reason to think that the current behavior doesn't match
what you described.  I entered "To: rms" and encrypted the message.
It recognized that was me, rms <at> gnu.org, and encrypted with my key.

It did this even though my key does not list 'rms' with no host name as
an address (as far as I can tell).

gpg --edit-key rms <at> gnu.org gave me this:

    pub  4096R/2C6464AF2A8E4C02  created: 2013-07-20  expires: never       usage: SC  
	 ...
    sub ...

    [ultimate] (1). Richard Stallman <rms <at> gnu.org>

If the key had another address, wouldn't it be listed there?

In addition, after I run the encryption command,
plain 'rms' has been edited into 'rms <at> gnu.org'.  How does it know
to make that change?


-- 
Dr Richard Stallman
Founder, Free Software Foundation (https://gnu.org, https://fsf.org)
Internet Hall-of-Famer (https://internethalloffame.org)

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.