MS Exchange server corrupting PGP-MIME emails

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 4 16:02:19 CEST 2011


On 10/04/2011 05:11 AM, David Smith wrote:
> Possibly a bit off-topic, but...
> 
> Does anyone have any experience of using an MS Exchange server, where it
> corrupts PGP-MIME emails by re-encoding the encrypted data in base64?
> 
> If I'm going to complain to our local IT about it, I need some hard
> evidence about how it's breaking the PGP-MIME RFC.
> 
> I've attached an example of a mail before and after it's been through
> exchange - I've put it in a .tgz to stop any modification by mailservers
> en route.

https://tools.ietf.org/html/rfc1847#page-4

suggests that:

   The entire contents of the multipart/signed container must be treated
   as opaque while it is in transit from an originator to a recipient.
   Intermediate message transfer agents must not alter the content of a
   multipart/signed in any way, including, but not limited to, changing
   the content transfer encoding of the body part or any of its
   encapsulated body parts.

But the example messages you gave are not multipart/signed -- they're
encrypted messages, which are ascii-armored (base64-encoded) blobs in
the first place, which are being re-wrapped in another layer of base64.

Given that compliant MUAs should strip off the outer layer of base64
before handing the message, I don't think this should be a problem.

I'd be more concerned with their switch from Content-Disposition: inline
to Content-Disposition: attachment, which seems likely to make compliant
MUAs not want to pass the message to an inline renderer at all.

	--dkg
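The two points in the reply above (an extra base64 layer around a multipart/encrypted body is harmless once the MUA strips the transfer encoding, while the inline-to-attachment switch is a separate rendering problem) can be checked mechanically. The script below is an added example and is not code from the thread, from GnuPG or from any mail server; it builds a constructed RFC 3156 multipart/encrypted message with a placeholder armor block (not real OpenPGP ciphertext), models the relay rewrite the thread describes, and then compares the part as sent with the part as received. The addresses, filename and helper names are assumptions made for the example.

```python
import base64
import email
from email import encoders
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart

# Constructed stand-in for an OpenPGP ASCII-armored message. It is NOT a real
# OpenPGP packet; only the armor framing matters for this MIME-level check.
ARMOR = (
    "-----BEGIN PGP MESSAGE-----\n\n"
    + base64.b64encode(b"constructed placeholder, not real ciphertext").decode("ascii")
    + "\n=AAAA\n-----END PGP MESSAGE-----\n"
)


def build_pgp_mime_message(armor: str) -> bytes:
    """Build an RFC 3156 multipart/encrypted message the way a sending MUA does."""
    msg = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    msg["From"] = "alice@example.org"  # constructed addresses
    msg["To"] = "bob@example.org"
    msg["Subject"] = "constructed PGP/MIME test message"
    # First part carries the control information, second part the armored ciphertext.
    control = MIMEApplication("Version: 1\n", "pgp-encrypted",
                              _encoder=encoders.encode_7or8bit)
    body = MIMEApplication(armor, "octet-stream",
                           _encoder=encoders.encode_7or8bit, name="encrypted.asc")
    body.add_header("Content-Disposition", "inline", filename="encrypted.asc")
    msg.attach(control)
    msg.attach(body)
    return msg.as_bytes()


def simulate_relay_rewrite(raw: bytes) -> bytes:
    """Model the rewrite described in the thread: the armored part gets wrapped in
    an extra base64 layer and its disposition is flipped from inline to attachment."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        if part.get_content_type() == "application/octet-stream":
            data = part.get_payload(decode=True)  # strip the current transfer encoding
            del part["Content-Transfer-Encoding"]
            part.set_payload(data)
            encoders.encode_base64(part)  # re-encode the armor as base64
            part.replace_header("Content-Disposition",
                                'attachment; filename="encrypted.asc"')
    return msg.as_bytes()


def _encrypted_part(msg):
    """Return the application/octet-stream part of a multipart/encrypted message."""
    if msg.get_content_type() != "multipart/encrypted":
        return None
    for part in msg.walk():
        if part.get_content_type() == "application/octet-stream":
            return part
    return None


def _cte(part) -> str:
    return (part.get("Content-Transfer-Encoding") or "7bit").lower()


def _disposition(part) -> str:
    return part.get_content_disposition() or "inline"


def check_transit_damage(original_raw: bytes, received_raw: bytes) -> dict:
    """Compare the message as sent with the message as received.

    armor_intact is what matters for decryption: a compliant MUA removes the
    transfer encoding (get_payload(decode=True) here) before handing the armor
    to OpenPGP, so an extra base64 layer is harmless when the decoded bytes match.
    disposition_changed is the separate, rendering-level problem.
    """
    orig = email.message_from_bytes(original_raw)
    recv = email.message_from_bytes(received_raw)
    o_part, r_part = _encrypted_part(orig), _encrypted_part(recv)
    if o_part is None or r_part is None:
        return {"structure_intact": False, "armor_intact": False,
                "cte_changed": None, "disposition_changed": None}
    return {
        "structure_intact": recv.get_param("protocol") == "application/pgp-encrypted",
        "armor_intact": o_part.get_payload(decode=True) == r_part.get_payload(decode=True),
        "cte_changed": _cte(o_part) != _cte(r_part),
        "disposition_changed": _disposition(o_part) != _disposition(r_part),
    }


if __name__ == "__main__":
    sent = build_pgp_mime_message(ARMOR)
    received = simulate_relay_rewrite(sent)
    for key, value in check_transit_damage(sent, received).items():
        print(f"{key}: {value}")
```

Run against a real before/after pair, replace the constructed `sent` and `received` with the raw bytes of the two captured messages; `armor_intact` being true with `cte_changed` true is the "harmless re-encoding" case from the reply, while `disposition_changed` true is the change worth raising with the mail administrators. For a multipart/signed message the same comparison would need to be made on the signed part, where any transfer-encoding change is a violation of RFC 1847 rather than a cosmetic one.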


