
Send and check "Intended recipient fingerprint" packets

[Open] link2xt opened this issue 4 months ago • 4 comments

OpenPGP has an "Intended Recipient Fingerprint" packet: https://www.rfc-editor.org/rfc/rfc9580.html#name-intended-recipient-fingerpr

It should be sent to protect against Surreptitious Forwarding, and if it is present but does not match the receiver, the receiver should deliver the message to trash.

This should not be sent for broadcast lists when we want to keep recipients anonymous to each other: https://github.com/chatmail/core/issues/6782. For normal groups there should be an intended recipient fingerprint inside the encrypted part even when an anonymous recipient is used on the outer encryption layer.

For testing it's enough to create an .eml file with a message signed by Alice, intended for Bob but re-encrypted to Charlie, and make sure that Charlie ignores the signature. The message will then likely get assigned to the address-contact corresponding to the outer From field.

Maybe there is no API in rPGP for it and it involves looking at the packets manually, like rsop and rpgpie do. In this case we likely need an API in rPGP first.

link2xt, Jul 31 '25 17:07

TODO:

  • [ ] check if there is an API for it in rpgp, and if not, open an issue in rpgp library
  • [ ] implementation in Delta Chat, incl. tests

Hocuri, Jul 31 '25 18:07

> a message signed by Alice, intended for Bob but re-encrypted to Charlie and make sure that Charlie delivers it to trash.

Alice and Bob may be interested if this happens, so maybe we should also send an MDN to Alice silently? Not sure though, generating extra traffic and possibly participating in a DDoS isn't good.

iequidoo, Jul 31 '25 19:07

> Alice and Bob may be interested if this happens, so maybe we should also send an MDN to Alice silently?

No, we don't want automated messages, especially in the edge case that is supposed to never happen. The error can be logged ofc.

If we follow https://datatracker.ietf.org/doc/draft-ietf-lamps-e2e-mail-guidance/ ("Signature failures"), then actually it should be treated as a broken signature. Basically, treat this as an unencrypted (in the Autocrypt sense) message, assign it to the email contact, etc.: "conformant receiving MUA that discovers a failed signature treats the message as though the signature did not exist." I changed the wording in the first post.

link2xt, Jul 31 '25 19:07
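The receiver-side rule discussed above (Intended Recipient Fingerprint present but not matching us means the signature is treated as failed; absent means no constraint), as an added example in plain Rust that is not Delta Chat or rPGP code. It parses a raw signature subpacket area per RFC 9580 and compares the type 35 body against our own key fingerprint; the fingerprints and the `Verdict` type are constructed for illustration.

```rust
// Added example (not Delta Chat or rPGP code): parse an OpenPGP signature
// subpacket area (RFC 9580, section 5.2.3.7) and apply the intended-recipient rule.
const INTENDED_RECIPIENT_FINGERPRINT: u8 = 35;

#[derive(Debug, PartialEq)]
enum Verdict { NoIntendedRecipient, IntendedForUs, NotIntendedForUs, Malformed }

/// Split a subpacket area into (type, body) pairs; None if truncated or malformed.
fn parse_subpackets(mut area: &[u8]) -> Option<Vec<(u8, &[u8])>> {
    let mut out = Vec::new();
    while let Some(&b0) = area.first() {
        // Subpacket length is encoded in 1, 2 or 5 octets; it covers the type octet too.
        let (len, hdr) = match b0 {
            0..=191 => (b0 as usize, 1),
            192..=254 => (((b0 as usize - 192) << 8) + *area.get(1)? as usize + 192, 2),
            255 => { let b = area.get(1..5)?; (u32::from_be_bytes([b[0], b[1], b[2], b[3]]) as usize, 5) }
        };
        let pkt = area.get(hdr..hdr + len)?;
        let (ty, body) = pkt.split_first()?;
        out.push((*ty & 0x7f, body)); // mask the "critical" bit of the type octet
        area = &area[hdr + len..];
    }
    Some(out)
}

/// Body of type 35 is one key-version octet followed by the fingerprint
/// (20 octets for v4 keys, 32 for v6). If any intended-recipient subpackets are
/// present and none names our key, the signature must be treated as failed.
fn check_intended_recipient(area: &[u8], our_fpr: &[u8]) -> Verdict {
    let subs = match parse_subpackets(area) { Some(s) => s, None => return Verdict::Malformed };
    let mut seen = false;
    for (ty, body) in subs {
        if ty != INTENDED_RECIPIENT_FINGERPRINT { continue; }
        seen = true;
        if body.get(1..) == Some(our_fpr) { return Verdict::IntendedForUs; }
    }
    if seen { Verdict::NotIntendedForUs } else { Verdict::NoIntendedRecipient }
}

/// Encode one subpacket with a one-octet length (enough for bodies under 191 octets).
fn subpacket(ty: u8, body: &[u8]) -> Vec<u8> {
    let mut v = vec![(body.len() + 1) as u8, ty];
    v.extend_from_slice(body);
    v
}
```

A `Malformed` or `NotIntendedForUs` verdict maps onto the thread's conclusion: drop the signature and handle the message as unsigned, assigning it to the address-contact from the outer From.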

Compared to rPGP 0.16.0, which is currently the latest released version, the unreleased version of rPGP also has a MessageBuilder.sign_with_subpackets method that allows creating subpackets manually: https://github.com/rpgp/rpgp/commit/3542021fa6cc6b66fc7f00246db07370ec065b40

By default only the Issuer Fingerprint and Signature Creation Time subpackets are produced: https://github.com/rpgp/rpgp/blob/f168ff350e2fa24ff147f3abfd1e3c8f42f7077a/src/composed/message/builder.rs#L121-L129

link2xt, Aug 06 '25 12:08