Closed Bug 1872833 Opened 8 months ago Closed 8 months ago

Disable support for LibrePGP v5 AEAD/OCB decryption

Categories

(MailNews Core :: Security: OpenPGP, task)

Product:
MailNews Core
Component:
Security: OpenPGP
Type:
task

Tracking

(thunderbird_esr115 wontfix, thunderbird122 wontfix)

Status:
RESOLVED FIXED
Milestone:
123 Branch
Tracking Flags:
Tracking Status
thunderbird_esr115 --- wontfix
thunderbird122 --- wontfix

People

(Reporter: KaiE, Assigned: KaiE)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

Bug 1872833 - Disable v5 AEAD/OCB support. r=rjl
48 bytes, text/x-phabricator-request
Details | Review

In bug 1830858, we had enabled support for decryption of AEAD/OCB.

At that time in the past, I wasn't fully aware of the consequences of doing so.
I didn't fully realize that it would mean supporting a fork of the OpenPGP specification.

Given that the OpenPGP ecosystem is currently heading to a schism, I think Thunderbird should be careful, and not give users a false impression of supporting one of the forks, until there is more clarity what Thunderbird should do.

I suggest to disable this feature for the time being, (because as I understand it, it requires processing of packets that aren't universally standardized), and to rather stay at the functional level of RFC 4880.

Assignee: nobody → kaie
Status: NEW → ASSIGNED

Do we know if/how many users this could affect? It would be nice for release notes to have some official communication to link to since this is an intentional regression.

This change would affect users who:

  • used GnuPG version 2.4 (or later) with the --rfc4880bis feature enabled
    to generate (or possibly edit) a key

  • distributed that key to correspondents
    (either by importing them to Thunderbird and including it with
    send messages, or by distributing it via other channels)

  • (such keys contain a feature flag that signals support for AEAD.
    Thunderbird is unable to detect/filter/remove that flag.)

  • If a correspondent receives such a key, and uses GnuPG 2.4+ to encrypt
    a message, it may use this AEAD mode.

  • If the user receives such messages,
    Thunderbird will be unable to decrypt the message

Note that while the default GnuPG 2.4 version has that preference enabled by default,
many Linux distributions keep this preference disabled by default.
Windows users of the GnuPG software may have this flag enabled by default.

Also note that Android users, who use K-9 with OpenKeychain, also aren't able to decrypt the message.

I agree this change can be seen as a functional regression.
I hope that as of today, only few users already receive such messages.

However, if users were initially using a recent version of GnuPG to generate their keys,
they are probably able to decrypt those emails manually with GnuPG.

Users who generate their keys using Thunderbird are not affected.

Keywords: checkin-needed-tb

Also, users who configure Thunderbird to optionally use "external GnuPG", may still be able to decrypt such messages from within Thunderbird.
Because, when Thunderbird fails to decrypt a message, and external GnuPG is configured, it will pass the message to GnuPG using the GPGME interface and ask it to decrypt it.
(see https://wiki.mozilla.org/Thunderbird:OpenPGP:Smartcards for how to configure that)

Target Milestone: --- → 123 Branch

Pushed by alessandro@thunderbird.net:
https://hg.mozilla.org/comm-central/rev/453789e17408
Disable v5 AEAD/OCB support. r=rjl

Status: ASSIGNED → RESOLVED
Closed: 8 months ago
Keywords: checkin-needed-tb
Resolution: --- → FIXED
See Also: → 1874504

ready for 115?

Flags: needinfo?(kaie)

I suggest to wait another 2-3 weeks for feedback from beta users

Flags: needinfo?(kaie)

If we decide to go ahead with this change in the stable version, we would have to write release notes that describe this chance and the workaround. Because we'll offer the workaround, and because it only affects users who have generated their own key using GnuPG, it may be acceptable to make this change in the stable release.

Possible text:

When using GnuPG software version 2.4 or later, with the rfc4880bis configuration flag enabled, to generate or edit a secret key, the key will contain meta data that indicates that the owner of the key uses software that supports the draft-koch-librepgp specification. This meta data is a signal to allow the correspondents' software to use a mode of encryption that is defined in the draft-koch-librepgp specification. As a result, users may receive email messages that were encrypted using that encryption mode. While earlier versions of Thunderbird 115.x were able to decrypt such messages, it has been decided to disable support for this encryption mode, because it is unclear whether future versions of Thunderbird can support draft-koch-librepgp. It is assumed that at this time, only very few users will be affected by this change. For users who are affected by this change, there is a workaround. It is possible to configure Thunderbird to optionally use externally installed GnuPG software. With this configuration enabled, if Thunderbird processes a message that it cannot decrypt, it will try to decrypt the message using the GnuPG software. This way, users can still get decryption capability for those messages.

It might make sense to align backporting of this change with bug 1874715 - as they both are related to the same issue. To avoid that we explain the complicated backstory twice, in separate releases and release notes, it's better that we'll do it together in one release.

See Also: → 1874715
Blocks: 1896918
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: