Treat signed S/MIME messages that use a MD5 digest as insecure
Categories
(MailNews Core :: Security: S/MIME, enhancement)
Tracking
(thunderbird_esr102 affected)
| Tracking | Status | |
|---|---|---|
| thunderbird_esr102 | --- | affected |
People
(Reporter: KaiE, Assigned: KaiE)
References
Details
(Whiteboard: [TM:112])
Attachments
(1 file, 1 obsolete file)
Let's see if we can disable support for MD5 with S/MIME.
|
Assignee | |
Comment 1•4 years ago
|
||
The most recent RFC for S/MIME suggests that MD5 should be supported for backwards compatibility.
https://tools.ietf.org/html/rfc5751
However, the RFC is already 9 years old, and MD5 is considered weak.
The NSS CMS test script nss/tests/smime/smime.sh has apparently never tested the use of MD5 according to the revision history of the script, since 2000.
|
|
Assignee | |
Comment 2•4 years ago
|
||
|
|
Assignee | |
Updated•4 years ago
|
|
||
Comment 3•4 years ago
|
||
Ready for review?
|
||
Updated•5 months ago
|
|
|
Assignee | |
Comment 6•2 months ago
|
||
Yes, it's time to fix the bug.
However, the patch isn't good. I've just tested, and it results in the message contents not being shown.
We need a patch that will cause the signature to be shown as bad/broken, but still show the message contents.
|
|
Assignee | |
Updated•2 months ago
|
|
|
Assignee | |
Comment 7•2 months ago
|
||
Actually, we can simply treat the message as not being signed at all.
|
|
Assignee | |
Comment 8•2 months ago
|
||
Adding dependency on bug 1630688, because in that bug I'm adding code for ignoring an S/MIME signature.
|
|
Assignee | |
Comment 9•2 months ago
|
||
|
||
Updated•2 months ago
|
|
|
Assignee | |
Comment 10•1 month ago
|
||
We need to postpone landing until I can fix the test regression in the dependent bug.
|
|
Assignee | |
Updated•1 month ago
|
|
|
Assignee | |
Comment 11•1 month ago
|
||
I've had to change the dependency patch to report status as broken. Not ignoring, but reporting as bad, seems fine (or better) for this scenario, too. I'll update the revision (renamed variable).
|
|
||
Updated•1 month ago
|
|
|
Assignee | |
Comment 12•1 month ago
|
||
I don't have test messages for MD5 currently.
However, I do have test messages for SHA-1 (bug 1532292).
I think we should handle SHA-1 in a separate step, but while I'm working on this one, it's easy to create the patch for bug 1532292 already, and with that I can test whether this approach is generally working.
I found that this patch still has the effect of hiding the signature.
But showing a broken signature might be better.
|
|
Assignee | |
Comment 13•1 month ago
|
||
The patch is insufficient, because it only handles multipart/signed, it doesn't handle the opaque signing content type.
|
|
Assignee | |
Comment 14•1 month ago
|
||
Patch updated to fix opaque signing, too.
However, now this works depends on getting a new NSS release uplifted, which needs to export an additonal API.
|
|
Assignee | |
Comment 15•1 month ago
|
||
Landing this fix must wait until Thunderbird 112, because the NSS version 3.88 that targets FF/TB 111 is already in API freeze.
Needinfo for myself, request landing this after mozilla-central has received an NSS 3.89 Beta snapshot.
|
||
Updated•1 month ago
|
|
|
Assignee | |
Comment 16•12 days ago
|
||
Ready for landing.
|
||
Updated•12 days ago
|
|
||
Updated•11 days ago
|
|
||
Comment 17•11 days ago
|
||
Pushed by mkmelin@iki.fi:
https://hg.mozilla.org/comm-central/rev/9b819c74e061
Reject S/MIME signatures that use the MD5 hash algorithm. r=mkmelin
Description
•