Re: [gmime-devel] GMime gets support for inline PGP



Hey Jeff--

On Thu 2017-03-16 09:28:47 -0400, Jeffrey Stedfast wrote:
The new GMimePart functions only deal with inline-PGP (the
GMimeMultipartSigned/Encrypted stuff deals with the PGP/MIME stuff).

thanks for the clarifications...


Text outside of the PGP begin/end markers will be stripped.

Not sure that's the best solution, but... it's simple.

it's not only simple, it's also predictable and something that
implementers can reason clearly about.  I think that's healthy, thanks
for making that choice.

 2) what about messages that have multiple inline OpenPGP-related
    stanzas in the body (either signed or encrypted)?

Not handled. GMime passes the entire content of the MIME part to gpgme
and gpgme just handles the first block (afaik).

That's interesting for sure.  it'd probably be worth clarifying this.

 3) How does Gmime cope with the fact that the MIME headers themselves
    are not signed or encrypted in any way?

Not really applicable here since g_mime_part_openpgp_decrypt/verify()
should only be expected to deal with the content of the part and not
the headers.

GMime doesn't automatically decrypt or verify anything, you have to
manually take that step.

Perhaps the documentation should clearly warn that interpreting the
decrypted part in the context of unsigned/unprotected headers is
potentially dangerous and allows an attacker to modify the meaning of
the signed text?

I mostly did it because I'm trying to save code duplication among
software using GMime.

understood, i appreciate having only one place to fix any problems that
come up ;)

     --dkg
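
An added example, not part of the message above and not GMime code: a stand-alone scan a caller could run on a text part before handing it to an inline-PGP decrypt/verify routine, reporting the two cases raised in this thread (text outside the begin/end markers, and more than one armored stanza). The names `armor_scan` and `scan_inline_pgp` are hypothetical and the sample body is constructed.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type, not a GMime one. */
struct armor_scan {
    int blocks;        /* complete BEGIN..END armor blocks */
    bool outside_text; /* non-blank text outside every block */
    bool unterminated; /* a BEGIN line with no matching END */
};

static bool starts_with(const char *line, size_t len, const char *prefix) {
    size_t n = strlen(prefix);
    return len >= n && memcmp(line, prefix, n) == 0;
}

/* Line-by-line scan; only encrypted and cleartext-signed armor is recognised. */
struct armor_scan scan_inline_pgp(const char *body) {
    struct armor_scan r = {0, false, false};
    const char *end = NULL; /* END line expected while inside a block */
    while (*body) {
        const char *eol = strchr(body, '\n');
        size_t len = eol ? (size_t)(eol - body) : strlen(body);
        if (end) {
            if (starts_with(body, len, end)) { r.blocks++; end = NULL; }
        } else if (starts_with(body, len, "-----BEGIN PGP MESSAGE-----")) {
            end = "-----END PGP MESSAGE-----";
        } else if (starts_with(body, len, "-----BEGIN PGP SIGNED MESSAGE-----")) {
            end = "-----END PGP SIGNATURE-----";
        } else if (strspn(body, " \t\r") < len) {
            r.outside_text = true; /* text a marker-only extraction drops */
        }
        body += len + (eol ? 1 : 0);
    }
    r.unterminated = (end != NULL);
    return r;
}

/* Constructed sample: unsigned preamble, a signed block, an encrypted block. */
static const char SAMPLE[] =
    "Please pay the invoice below.\n"
    "-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nhello\n"
    "-----BEGIN PGP SIGNATURE-----\n\nAAAA\n-----END PGP SIGNATURE-----\n"
    "-----BEGIN PGP MESSAGE-----\n\nBBBB\n-----END PGP MESSAGE-----\n";
int main(void) {
    struct armor_scan r = scan_inline_pgp(SAMPLE);
    printf("blocks=%d outside_text=%d unterminated=%d\n",
           r.blocks, r.outside_text, r.unterminated);
    return 0;
}
```

A mail client can use `blocks > 1` or `outside_text` to tell the user that only part of what is displayed was covered by the verification result.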

