[user requested enchancement] trust signed messages even if signer != sender as long the signatures is good

[martgil]

Description:
We received a concern that the signed message can't be verified even though the signer's public key is already in the receiver's contact list.

The following error says could not verify signature: missing pubkey 685A5A5E51XXXXXX
If we can remember, we further check the sender's and the signer's emails before acknowledging the receiver that the message is indeed signed. If the check fails, the following error above occurs.

Interesting line of code:

flowcrypt-browser/extension/chrome/elements/pgp_block_modules/pgp-block-signature-module.ts

Line 37 in a808b6b

const signerEmail = this.view.getExpectedSignerEmail();

The user requested an enhancement to it:

Then I would put in a request for enhancement - it's perfectly reasonable for the sender of the email and the signer of the email not to match. As long as the signature is good, then the trust put in the signature should be enough.
I know form a fact that the claws-mail plugin handles the email I sent to you without an issue.

I've tested Mailvelope and it doesn't give me any warning that the signer and sender don't match...

Let me know if there's anything I could help with. Thank you!

Reference: https://mail.google.com/mail/u/human@flowcrypt.com/#inbox/FMfcgzGpGnJHJkblwqbFLWNQzNfrBjvb

[tomholub]

I don't think that's secure. Consider the following:

• you communicate with both bob and alice and have both public keys imported
• bob sends an email and spoofs alice sender. So you have from:alice header and bob signs the email himself

So we have an email from:alice rendered with a valid signature. The user could easily think that alice signed that email, even though the whole interaction was spoofed by bob. The email mentioned in the signature is easy to overlook.

[tomholub]

If any mail client is showing that as valid without a serious warning, I think they should do better security-wise.

[martgil]

Thanks for sharing an analogy - that help us understand the risk.

If any mail client is showing that as valid without a serious warning, I think they should do better security-wise.

I agree with you. In our case, we have a bit inappropriate error message where the browser extension says could not verify signature: missing pubkey 685A5A5E51XXXXXX.

If we would like to improvements to it, maybe:

1. we can let the user know that message's signature is good though the signer and sender email do not match? (orange warning -- less strict) or
2. instead of showing missing pubkey error, we can say that the signer email and sender address do not match (in a red warning -- strict);

[tomholub]

I agree the error can be misleading. Red color should be retained. The error message could be improved depending on if that pubkey was found associated with another sender, but it's not trivial - let's leave it for another day.

As for that user, I think they should be able to resolve the error by importing the public key again, but changing the user email that they are importing for - to the email address that will be actually sending the message.

[martgil]

Okay, Tom - I understand.

As for that user, I think they should be able to resolve the error by importing the public key again, but changing the user email that they are importing for - to the email address that will be actually sending the message.

it works like a charm - thank you! I'll let inform the user about this method. Thanks again!

[chrissv]

Hi, this issue is a few years old, and I just had this situation occur - I received a signed email from a well-respected mailing list, where the "From:" is the mailing list email. The message was signed by one of the maintainers, using his email address. Flowcrypt marked it as "could not verify signature: missing pubkey"

Other than the workaround mentioned above (which is somewhat permanent in assigning the public key to the mailing list email), can a feature be added to the Flowcrypt extension where I can one-time manually verify the signature against one of the contacts I choose from my Flowcrypt contact list? That way it is an explicit action by me, the user, and the tool doesn't give me any automatic false positives (as in the bob-alice example)

Thanks!

[martgil]

Hi @sosnovsky , @chrissv suggested adding an optional feature to manually verify a signed message, assuming the signature matches a public key in the user's trusted contact list, even when the signer email and sender email do not match. It partially makes sense to leave this to the user’s discretion, though it would be less secure.

What do you think about this?

[sosnovsky]

Hi @martgil, solution which you suggested earlier should be simpler to implement:

instead of showing missing pubkey error, we can say that the signer email and sender address do not match (in a red warning -- strict);

It'll be more informative for users than just missing pubkey 685A5A5E51XXXXXX

It's quite rare case, adding an optional feature to manually verify a signed message will be more complicated and less secure, as you've said. So updating error message to better explain verification error should be good enough.

[chrissv]

@sosnovsky In your proposal, would it also show the email address of the signer in the red error message? That's the part which would be important to know, that even though the message was sent by mailing-list@example.com, it was signed by bob@example.com

[sosnovsky]

@chrissv need to check if we'll be able to parse signer email in such cases, probably should be possible.

@ioanatflowcrypt can you please try to implement solution proposed by Mart + show signer email in error message:

instead of showing missing pubkey error, we can say that the signer email and sender address do not match (in a red warning -- strict);

[ioanatflowcrypt]

Sure