GNU bug report logs - #45631
27.1; regression: message-forward-ignored-headers no longer applies when forwarding as MIME

Previous Next

Package: emacs;

Reported by: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>

Date: Sun, 3 Jan 2021 17:13:01 UTC

Severity: normal

Tags: fixed

Found in version 27.1

Fixed in version 28.1

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #36 received at 45631 <at> debbugs.gnu.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
To: Lars Ingebrigtsen <larsi <at> gnus.org>
Cc: Robert Pluim <rpluim <at> gmail.com>, 45631 <at> debbugs.gnu.org
Subject: Re: bug#45631: 27.1; regression: message-forward-ignored-headers no
 longer applies when forwarding as MIME
Date: Tue, 12 Jan 2021 09:57:48 -0500

[Message part 1 (text/plain, inline)]
On Mon 2021-01-11 16:09:18 +0100, Lars Ingebrigtsen wrote:
> Well, we'd have to include the relevant headers at a minimum:
>
>   Content-Type: multipart/signed; boundary="=-=-=";
> 	micalg=pgp-sha256; protocol="application/pgp-signature"

I agree, but if the user is stripping the Content-Type header, i think
they're going to break a lot more than digital signatures or encryption
(imagine what that does to a multipart/alternative message).  I think
that stripping Content-Type is more of a case of "don't do that, then".
Maybe we even want to warn if the user tries to strip any of the
Content-* headers more generally.

> But this code is almost a couple of decades old, and I have no idea what
> the thought process behind this was at this date.  Anybody know?

As long as the code doesn't attempt to strip *internal* MIME headers
(that is, headers of subparts of the MIME structure) i think it should
be safe to apply it to the forwarded message.  

Note also that if we care about breakng cryptographic signatures more
generally, DKIM signatures are *more* likely to break if headers are
stripped than PGP/MIME or S/MIME, as DKIM is capable of covering headers
directly.  Even given that concern, i think the most we'd want the
"best" setting to do to constrain header stripping would be to compare
the stripped version of the file to the non-stripped version -- if the
non-stripped version passes DKIM validation, but the stripped does not,
then either produce a warning message about DKIM signature breakage or
(if in an interactive mode) prompt the user about whether they want to
apply the filter or not.

      --dkg

[signature.asc (application/pgp-signature, inline)]
This bug report was last modified 4 years and 180 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.