mailman, attachment and digital sign

Hello, we have installed "Mailman, the GNU Mailing List Manager" version 2.1.5. If we send a digitally signed e-mail *with attachment* to a list we obtain the following message:
Digital Signature Is Not Valid This message includes a digital signature, but the signature is invalid. The signature does not match the message content correctly. The message appears to have been altered after the sender signed it. You should not trust the validity of this message until you verify its contents with the sender.
Without attachment, the digital signature is OK.
In the past we had the same problem even when sending a simply digitally signed e-mail (without attachment), but at that time Mailman used to add a message footer to all e-mails. We have modified Mailman so it does not add the message footer anymore. Now we still have this problem only when we send a digitally signed e-mail *with attachment*.
Thanks.
Marco De Rossi

On 8/2/07, Marco De Rossi wrote:
I can see two likely possibilities:
1. The digital signature is being done against the whole message, headers included. When the message passes through Mailman, some headers end up getting changed or added, and the signature is no longer valid.
2. Mailman is still stripping or changing some of the attachment MIME types or filenames, which causes the signature to be invalidated.
Problem is, cryptographic signatures on messages are extremely fragile. If even the slightest thing is changed, the signature is likely to be broken. If you make the signature process more robust, then you increase the possibility that an attacker could slip something through that would still appear to be correct, but where they've actually secretly modified something.
Try turning off all filtering, HTML conversion, etc. within Mailman. See if that "fixes" the signature problem. If so, then you have to decide which is more important -- the signature on some messages or the probability that some malware could get through the system and be sent out to all recipients of the list, because you'd turned off the filtering.
Unfortunately, this is a binary decision. There is no option to leave signed messages unfiltered and to apply the filtering rules only to unsigned messages. Even if there were such a method, the attackers could get through by simply forging fake signatures that look valid.
-- Brad Knowles <brad@shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Marco De Rossi wrote:
What kind of signature are you using? Are you using PGP/MIME to sign the message with attachment? Mailman doesn't normally break these signatures.
Can you look at the raw messages to and from Mailman and identify what changes cause the signature to break? This information will help us suggest a solution.
-- Mark Sapiro <msapiro@value.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan

Marco De Rossi wrote:
The message you sent has a PKCS7 (RFC 2315) signature. Of course, the signature was broken by the mailman-users list because content filtering removed one of the signed parts.
For the specific issue of your lists, here's what I think, but I'm not at all knowledgeable about PKCS7, so I'm not sure.
I skimmed over RFC 2315 and also looked at the message structure. The original message has
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1;
The content consists of a
Content-Type: multipart/mixed;
part and a
Content-Type: application/x-pkcs7-signature; name="smime.p7s"
part. The multipart/mixed part consists of a text/plain part and an image/gif part.
Such a message structure with an OpenPGP/MIME signature rather than a PKCS7 signature can pass through a Mailman list without breaking the signature as long as the list does no content filtering and doesn't add any list header or footer. Depending on the client verifying the signature, even the addition of a list header or footer may not break the signature (actually, the signature doesn't break, but clients may refuse to recognize the message as signed if the multipart/signed content is not the top level of the message).
In your case, I would expect the message could also pass through a Mailman list with no content filtering and no added list header or footer without breaking the signature, and in fact you said it does if the message originates from a Linux system.
So the question is, what is different about the Windows system that results in Mailman's breaking the signature.
I see the following in RFC 2315 section 9 step 1.
- For each signer, a message digest is computed on the content with a signer-specific message-digest algorithm. (If two signers employ the same message-digest algorithm, then the message digest need be computed for only one of them.) If the signer is authenticating any information other than the content (see Section 9.2), the message digest of the content and the other information are digested with the signer's message digest algorithm, and the result becomes the "message digest."
This says to me that the "message digest" which is signed can optionally include some message headers which may be altered by Mailman - e.g., perhaps a Subject: which has a prefix added - thus, breaking the signature.
Or, possibly the Windows client is doing some unorthodox treatment of trailing whitespace in the message content, but this seems unlikely if the signatures normally validate.
Thus, you could try making the list's subject_prefix empty and see if that helps, or better still, if you can set the Windows clients to sign only the content and not any headers, try that.
-- Mark Sapiro <msapiro@value.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
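Mark's request to compare the raw messages to and from Mailman, and Brad's suggestion to switch filtering off, both come down to spotting which of three changes the list made: a Subject: prefix (fatal if the client signed headers), a footer that wraps multipart/signed inside a new multipart/mixed so it is no longer top level, and content filtering that removes a signed part. The Python script below is an added example, not code from the thread or from Mailman; its sample messages are constructed to match the structure Mark describes, with placeholder image and signature bodies, and it reports which of the three happened to a before/after pair.

```python
import email
from email import policy
# Constructed sample (not a real signed message): the structure Mark describes.
ORIGINAL = b"""Subject: report
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=sha1; boundary="sig"

--sig
Content-Type: multipart/mixed; boundary="mix"

--mix
Content-Type: text/plain

See attached.
--mix
Content-Type: image/gif; name="logo.gif"

GIF-BYTES-PLACEHOLDER
--mix--
--sig
Content-Type: application/x-pkcs7-signature; name="smime.p7s"

PKCS7-SIGNATURE-PLACEHOLDER
--sig--
"""
# A list with subject_prefix and a footer: the signed part is intact but demoted one level.
WITH_PREFIX_AND_FOOTER = (b'Subject: [list] report\nContent-Type: multipart/mixed; boundary="outer"\n\n--outer\n'
    + ORIGINAL.split(b"\n", 1)[1] + b"--outer\nContent-Type: text/plain\n\nlist footer\n--outer--\n")
# Content filtering that drops the image/gif part out of the signed content.
FILTERED = ORIGINAL.replace(
    b'--mix\nContent-Type: image/gif; name="logo.gif"\n\nGIF-BYTES-PLACEHOLDER\n', b"")

def find_signed(msg):
    """Return (multipart/signed part, is_top_level), or (None, False) if absent."""
    for part in msg.walk():
        if part.get_content_type() == "multipart/signed":
            return part, part is msg
    return None, False

def compare(raw_in, raw_out):
    # raw_in is the copy sent to the list, raw_out the copy the list delivered.
    m_in = email.message_from_bytes(raw_in, policy=policy.default)
    m_out = email.message_from_bytes(raw_out, policy=policy.default)
    s_in, _ = find_signed(m_in)
    s_out, top = find_signed(m_out)
    if s_in is None or s_out is None:
        return {"signed_part_present": False}
    # Sub-part 0 is the signed content (sub-part 1 is the detached signature); both
    # copies are re-serialised by the same parser, so equal bytes mean untouched content.
    body_in, body_out = (s.get_payload(0).as_bytes() for s in (s_in, s_out))
    return {"signed_part_present": True, "signed_is_top_level": top,
            "subject_changed": m_in["Subject"] != m_out["Subject"],
            "signed_content_unchanged": body_in == body_out}
```

On real traffic, feed it the two raw files a client would save (`compare(open(a, "rb").read(), open(b, "rb").read())`); a verifier hashes the exact wire bytes, so a `signed_content_unchanged` of True with a still-broken signature points at the headers or at line-ending and trailing-whitespace differences the parser normalises away.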

Marco De Rossi wrote:
What (broken?) mail client on Windows and what kind of signature? See my other reply at <http://mail.python.org/pipermail/mailman-users/2007-August/058183.html>.
-- Mark Sapiro <msapiro@value.net>
San Francisco Bay Area, California
The highway is for gamblers, better use your sense - B. Dylan
