mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-11-25 12:28:09 +01:00
fd9a951249
These tests were an attempt to establish that the content of the "Legacy Display" part is the same as the actual protected headers of the message. But this is more conservative than we need to be. https://www.ietf.org/id/draft-autocrypt-lamps-protected-headers-02.html section 5.3 makes clear that the Legacy Display part is purely decorative, and section 5.2.1 clarifies that the detection can be done purely by MIME structure and Content-Type alone. Furthermore, now that we're accepting text/plain Legacy Display parts, it's not clear the lines in the Legacy Display part should be interpreted as needing an exact string match (e.g. "real" headers are likely to be RFC 2047 encoded, but the text/plain Legacy Display part probably should not be). The concerns that motivated this test in the past were twofold: that we might accidentally hide some information from the reader of the message that they should have available to them, or that we could introduce a covert channel that would be invisible to other clients. I no longer think these are significant concerns: a) There will be no accidental misidentification of a Legacy Display part. The identification of the Legacy Display part is unambiguous due to MIME structure and Content-Type. MIME structure MUST be the first child part of a two-part multipart/mixed Cryptographic Payload. And the protected-headers=v1 content-type parameter must be present on both the cryptographic payload and the legacy display part, so no one would accidentally generate this structure and have it be accidentally matched. b) As for creating a covert channel, many such channels already exist. For example, non-standard e-mail headers, custom MIME types, unusual MIME structures, etc, all make it possible to ship some content in a message that will be visible in some MUAs but not in others. This doesn't make the situation demonstrably worse. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> |
||
---|---|---|
.. | ||
crypto.c | ||
crypto.h | ||
error_util.c | ||
error_util.h | ||
gmime-extra.c | ||
gmime-extra.h | ||
hex-escape.c | ||
hex-escape.h | ||
Makefile | ||
Makefile.local | ||
repair.c | ||
repair.h | ||
string-util.c | ||
string-util.h | ||
talloc-extra.c | ||
talloc-extra.h | ||
unicode-util.c | ||
unicode-util.h | ||
util.c | ||
util.h | ||
xutil.c | ||
xutil.h | ||
zlib-extra.c | ||
zlib-extra.h |