Re: Two Identified Internet Mail Vulnerabilities
On Wed, 2005-02-02 at 16:12 -0800, Jim Fenton wrote:
> Thomas Roessler wrote:
>
> > There seem to be two security-relevant vulnerabilities in
> > draft-fenton-identified-mail-01.txt.
> >
> > 1. MIME. When a site sends e-mail with the body length count
> > different from -1, then an attacker can change the message's
> > "Content-Type" header to "multipart/mixed" with a boundary parameter
> > that occurs nowhere in the message's body. The attacker can then
> > proceed to append a valid MIME multipart body to the message without
> > invalidating the IIM signature. According to section 5.5.1 of RFC
> > 2046, receiving agents will have to ignore the original signed
> > message's content, and display only the material appended by the
> > attacker.
> >
> > One cure to this attack would consist in using multipart/signed
> > messages, as PGP/MIME and S/MIME do.
>
> That's very interesting; this is the first I have heard of this
> vulnerability.
>
> It occurs to me that requiring the signing of the Content-Type header
> would address this problem. Do you think so?
One solution would be to remove all content not included within the
signature before allowing a message to pass. There are issues
surrounding other fields as well, whether this is improving upon the DK
header tagging, or the approach used by IIM. These checks should be
seen as diagnostics. When used to "recover" a message, however, any
content detected as having been added MUST be removed. This would
encourage mailing lists to leave signed messages alone, or add their own
signature. It would also prevent these types of concerns.
-Doug
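As an added illustration of the recovery step Doug proposes (and of the Content-Type substitution Thomas describes), this is example code written for this page, not code from the thread or from the IIM draft. It assumes a body length count like the one in the draft, unfolded headers, and a constructed sample message.

```python
import re
from typing import List, Optional, Tuple

def split_message(raw: bytes) -> Tuple[bytes, bytes]:
    """Split a raw message into (headers, body) at the first blank line (CRLF or LF)."""
    for sep in (b"\r\n\r\n", b"\n\n"):
        idx = raw.find(sep)
        if idx != -1:
            return raw[: idx + len(sep)], raw[idx + len(sep):]
    return raw, b""

def multipart_boundary(headers: bytes) -> Optional[bytes]:
    """Boundary parameter of a multipart Content-Type header, or None if not multipart.
    Assumption: the header is not folded across several lines."""
    m = re.search(rb'^Content-Type:[ \t]*multipart/[^\r\n]*?boundary="?([^";\r\n]+)',
                  headers, re.I | re.M)
    return m.group(1) if m else None

def recover_signed_message(raw: bytes, body_len: int) -> Tuple[bytes, List[str]]:
    """Keep the headers plus only the first body_len bytes of the body (body_len == -1
    means the whole body was signed).  Anything past the signed length is removed, not
    merely reported, and a multipart boundary that never appears in the signed body is
    flagged, since that is the shape of the Content-Type substitution described above."""
    headers, body = split_message(raw)
    findings: List[str] = []
    if body_len < 0:
        return raw, findings
    signed, unsigned = body[:body_len], body[body_len:]
    if unsigned:
        findings.append(f"removed {len(unsigned)} unsigned bytes appended after the signed body")
    boundary = multipart_boundary(headers)
    if boundary is not None and b"--" + boundary not in signed:
        findings.append("Content-Type declares a multipart boundary that is absent from the signed body")
    return headers + signed, findings

# Constructed sample: the signer covered exactly the plain-text body below.
SIGNED_BODY = b"This is the signed message.\r\n"
ORIGINAL_MESSAGE = b"Content-Type: text/plain\r\n\r\n" + SIGNED_BODY
# The same message after the Content-Type rewrite and appended content the thread describes.
ALTERED_MESSAGE = (b'Content-Type: multipart/mixed; boundary="xyz"\r\n\r\n' + SIGNED_BODY
                   + b"--xyz\r\nContent-Type: text/plain\r\n\r\nappended content\r\n--xyz--\r\n")

def demo() -> Tuple[bytes, List[str]]:
    """Recover the altered message using the signed body length count."""
    return recover_signed_message(ALTERED_MESSAGE, len(SIGNED_BODY))

if __name__ == "__main__":
    recovered, findings = demo()
    print(recovered.decode())
    print("\n".join(findings))
```

The boundary check is only a diagnostic; signing the Content-Type header, as Jim suggests, is what stops the substitution itself.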