Treat signed S/MIME messages that use a MD5 digest as insecure
Categories
(MailNews Core :: Security: S/MIME, enhancement)
Tracking
(thunderbird_esr102 affected)
Tracking | Status | |
---|---|---|
thunderbird_esr102 | --- | affected |
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
(Whiteboard: [TM:112])
Attachments
(1 file, 1 obsolete file)
Let's see if we can disable support for MD5 with S/MIME.
Assignee | ||
Comment 1•6 years ago
|
||
The most recent RFC for S/MIME suggests that MD5 should be supported for backwards compatibility.
https://tools.ietf.org/html/rfc5751
However, the RFC is already 9 years old, and MD5 is considered weak.
The NSS CMS test script nss/tests/smime/smime.sh has apparently never tested the use of MD5 according to the revision history of the script, since 2000.
Assignee | ||
Comment 2•6 years ago
|
||
Assignee | ||
Updated•6 years ago
|
Comment 3•5 years ago
|
||
Ready for review?
Updated•2 years ago
|
Assignee | ||
Comment 6•2 years ago
|
||
Yes, it's time to fix the bug.
However, the patch isn't good. I've just tested, and it results in the message contents not being shown.
We need a patch that will cause the signature to be shown as bad/broken, but still show the message contents.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 7•2 years ago
|
||
Actually, we can simply treat the message as not being signed at all.
Assignee | ||
Comment 8•2 years ago
|
||
Adding dependency on bug 1630688, because in that bug I'm adding code for ignoring an S/MIME signature.
Assignee | ||
Comment 9•2 years ago
|
||
Updated•2 years ago
|
Assignee | ||
Comment 10•2 years ago
|
||
We need to postpone landing until I can fix the test regression in the dependent bug.
Assignee | ||
Updated•2 years ago
|
Assignee | ||
Comment 11•2 years ago
|
||
I've had to change the dependency patch to report status as broken. Not ignoring, but reporting as bad, seems fine (or better) for this scenario, too. I'll update the revision (renamed variable).
Updated•2 years ago
|
Assignee | ||
Comment 12•2 years ago
|
||
I don't have test messages for MD5 currently.
However, I do have test messages for SHA-1 (bug 1532292).
I think we should handle SHA-1 in a separate step, but while I'm working on this one, it's easy to create the patch for bug 1532292 already, and with that I can test whether this approach is generally working.
I found that this patch still has the effect of hiding the signature.
But showing a broken signature might be better.
Assignee | ||
Comment 13•2 years ago
|
||
The patch is insufficient, because it only handles multipart/signed, it doesn't handle the opaque signing content type.
Assignee | ||
Comment 14•2 years ago
|
||
Patch updated to fix opaque signing, too.
However, now this works depends on getting a new NSS release uplifted, which needs to export an additonal API.
Assignee | ||
Comment 15•2 years ago
|
||
Landing this fix must wait until Thunderbird 112, because the NSS version 3.88 that targets FF/TB 111 is already in API freeze.
Needinfo for myself, request landing this after mozilla-central has received an NSS 3.89 Beta snapshot.
Updated•2 years ago
|
Assignee | ||
Comment 16•2 years ago
|
||
Ready for landing.
Updated•2 years ago
|
Updated•2 years ago
|
Comment 17•2 years ago
|
||
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/9b819c74e061
Reject S/MIME signatures that use the MD5 hash algorithm. r=mkmelin
Description
•