[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: MIME media type literal packet in OpenPGP
On Mar 11, 2011, at 1:39 PM, Vinnie Moscaritolo wrote:
> * PGP Signed: 03/11/2011 at 10:39:52 AM
> I just posted an informational draft about some minor changes that the PGP sdk
> is now supporting. comments and complaints are welcome.
> be kind, this is my first time doing this.
This looks reasonable enough to me.
I'd add a note to the Security Considerations section that when using this method on a signed document, the MIME type is changeable without invalidating the signature (since the signature hash does not cover the literal packet metadata). This could allow an attacker to force a particular content handler to run (say, by changing text/plain to image/jpeg). When encrypting (or signing+encrypting) the MDC helps you here, but for a signed (only) document, there is an opening for mischief.
Also, a minor typo:
By providing more information beyond the existing binary and text
formats this extension and can enable the automated selection of an
appropriate media viewer for the decoded content.
"...and can enable..." should probably be "...can enable...".
I like this bit:
o The MIME media type MAY have an OPTIONAL null byte termination.
Any data that follows such a null byte should be discarded and not
considered part of the MIME media type.
That effectively leaves open a possibility of having a third (hopefully small) string in that field, which may be useful someday.
Implementation-wise, there is a minor gotcha here as GPG actually allows nulls in the filename. By default, GPG ignores the filename field, but there is an option (--use-embedded-filename) which tells GPG to actually use that field for the filename, and it will interpret a null as a literal "\0" (i.e. backslash plus zero). I wouldn't worry terribly much about it, but if this draft is adopted we'll have to update GPG to handle it.