[gmime-devel] verifying signatures from certificates with multiple user IDs
Hi GMime folks--

The GMimeCertificate interface only presents a single (highest-validity)
user ID and e-mail address.

Many certificates (both OpenPGP and X.509) have multiple user IDs and
multiple e-mail addresses in them.  My own OpenPGP certificate has three
User IDs, two of which contain e-mail addresses:

pub   ed25519 2020-12-27 [C] [expires: 2023-12-24]
      C29F8A0C01F35E34D816AA5CE092EB3A5CA10DBA
uid            Daniel Kahn Gillmor
uid            <dkg debian org>
uid            <dkg fifthhorseman net>
sub   ed25519 2020-12-27 [S] [expires: 2023-12-24]
sub   cv25519 2020-12-27 [E] [expires: 2023-12-24]

For X.509, each subjectAltName can contain a distinct e-mail address.

When validating a signature over a particular e-mail message, one
question a reasonable MUA wants to ask is "does the signature come from
a certificate that has an e-mail address that matches the apparent
sender of the message?"

But if the certificate information provided happens to pick the e-mail
address from the wrong User ID, then it will look like a mismatch.

For example, i'm sending this e-mail from my dkg fifthhorseman net
account, but if you happen to have my OpenPGP certificate stored in the
order that it shows up here (with dkg debian org first), then the
GMimeCertificate's email member will contain "dkg debian org" instead of
the actual From: address.

How should a GMime user deal with this?  I know that an API to support
multiple e-mail addresses (and/or multiple User IDs) is more complex, as
would be the storage data structure, and that would require an API
change.

Another approach would be to retain some contextual information about
the message being validated during signature validation, and to
preferentially select e-mail addresses (of the highest validity) that do
match the sending context.

This was all mentioned in the commit message
d6701744522167728e074c44800e1714a39ea562 back in 2017, but i don't think
anyone has done the work to provide the improved interface.

What do folks think is the right way to resolve the problem?

I've also opened https://github.com/jstedfast/gmime/issues/103 with this
issue, in case people prefer to track the problem on github, but i
wanted to open discussion on-list for folks who follow the discussion
here.

       --dkg
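The sender-matching check discussed in this message, as an added example that is neither GMime code nor the poster's: given a certificate's user IDs with their validities and the message's From: header, it contrasts the single highest-validity pick (what a one-address interface yields, with ties broken by certificate order) against a context-aware pick that prefers the highest-validity UID whose address matches the sender. `UserID`, `VALIDITY_RANK`, the certificate layout and all addresses are constructed placeholders.

```python
from dataclasses import dataclass
from email.utils import parseaddr

# gpg/OpenPGP validity names, weakest to strongest; "never" is excluded outright.
VALIDITY_RANK = {"unknown": 0, "undefined": 1, "marginal": 2, "full": 3, "ultimate": 4}


@dataclass(frozen=True)
class UserID:
    name: str       # display name; empty for address-only UIDs
    email: str      # empty for name-only UIDs (like the first uid in the post)
    validity: str   # a VALIDITY_RANK key, or "never"


def normalize_email(addr):
    """Fold case for comparison (domains are case-insensitive; folding the local
    part as well is common MUA practice and an assumption here)."""
    local, _, domain = addr.strip().partition("@")
    return f"{local.lower()}@{domain.lower()}" if domain else ""


def usable(uids, min_validity):
    """UIDs that carry an address, are not marked never, and meet the floor."""
    floor = VALIDITY_RANK[min_validity]
    return [u for u in uids if u.email and u.validity != "never"
            and VALIDITY_RANK.get(u.validity, 0) >= floor]


def highest_validity_uid(uids, min_validity="marginal"):
    """Single-address view: one UID by validity. max() keeps the first maximum,
    so among equally valid UIDs certificate order decides, and From: can lose."""
    cands = usable(uids, min_validity)
    return max(cands, key=lambda u: VALIDITY_RANK.get(u.validity, 0)) if cands else None


def matching_uid(uids, from_header, min_validity="marginal"):
    """Context-aware view: only UIDs whose address equals the From: address
    are considered, and the highest validity among those wins."""
    target = normalize_email(parseaddr(from_header)[1])
    cands = [u for u in usable(uids, min_validity) if normalize_email(u.email) == target]
    return max(cands, key=lambda u: VALIDITY_RANK.get(u.validity, 0)) if cands else None


# Constructed certificate mirroring the post's layout: a name-only UID followed by
# two address UIDs of equal validity. Addresses are placeholders, not the author's.
CERT_UIDS = [
    UserID("Daniel Kahn Gillmor", "", "full"),
    UserID("", "dkg@example.org", "full"),
    UserID("", "dkg@example.net", "full"),
]
FROM_HEADER = "Daniel Kahn Gillmor <dkg@example.net>"   # constructed From: header

if __name__ == "__main__":
    print(highest_validity_uid(CERT_UIDS).email, matching_uid(CERT_UIDS, FROM_HEADER).email)
```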