Will Thunderbird 78 kill Qubes Split gpg?


Claudio Chinicz

Feb 11, 2020, 3:06:23 AM
to qubes-users
Hi All,

I've just read this post from TB (https://wiki.mozilla.org/Thunderbird:OpenPGP:2020) and do not know if it will support Qubes Split gpg without Enigmail?

Anyone know?

Regards

Sven Semmler

Feb 11, 2020, 12:35:27 PM
to Claudio Chinicz, qubes-users
On Tue, Feb 11, 2020 at 12:06:23AM -0800, Claudio Chinicz wrote:
> I've just read this post from TB (https://wiki.mozilla.org/Thunderbird:OpenPGP:2020) and do not know if it will support Qubes Split gpg without Enigmail?
> Anyone knows?

If I understand the Wiki entry correctly the Thunderbird team does
not plan to use GnuPG because they don't want the user to have to
install it separately and they can't bundle it with Thunderbird
because of incompatible licenses.

Instead they plan to use other open-source libraries to implement
GPG/PGP compatible en/decryption and signing/verification.

In that case I don't see how it could work with Qubes Split GPG.

Makes me happy I switched to mutt late last year. But that's not really
a solution for the masses.

/Sven

--
public key: https://www.svensemmler.org/0x8F541FB6.asc
fingerprint: D7CA F2DB 658D 89BC 08D6 A7AA DA6E 167B 8F54 1FB6


dhorf-hfre...@hashmail.org

Feb 11, 2020, 3:13:42 PM
to Sven Semmler, qubes-users
On Tue, Feb 11, 2020 at 11:35:19AM -0600, Sven Semmler wrote:
> Makes me happy I switched to mutt late last year. But that's not really
> a solution for the masses.

mutt in a no-netvm mua-vault?
with fetchmail-vms feeding it through qubesrpc-procmail?
and separate vms for qubesrpc-msmtp for sending?
or msmtp-vms mixed with the fetchmail-vms based on credentials-overlap?

but, yes. not really a solution for the masses.

:)

Sven Semmler

Feb 11, 2020, 7:54:17 PM
to dhorf-hfre...@hashmail.org, qubes-users
lol... just mutt/fetchmail/postfix/qubes-split-gpg in a firewalled qube.

however, I am afraid that you have already successfully placed a virus in
my head. That setup sounds like a challenge. Any documentation you could
link?

tetra...@danwin1210.me

Feb 11, 2020, 10:57:17 PM
to dhorf-hfre...@hashmail.org, qubes-users
On Tue, Feb 11, 2020 at 06:53:58PM -0600, Sven Semmler wrote:
>> mutt in a no-netvm mua-vault?
>> with fetchmail-vms feeding it through qubesrpc-procmail?
>> and separate vms for qubesrpc-msmtp for sending?
>> or msmtp-vms mixed with the fetchmail-vms based on credentials-overlap?
>>
>> but, yes. not really a solution for the masses.
>>
>> :)
>
>lol... just mutt/fetchmail/postfix/qubes-split-gpg in a firewalled qube.
>
>however, I am afraid that you have already successfully placed a virus in
>my head. That setup sounds like a challenge. Any documentation you could
>link?

I'd be more interested in a defense against the DoS vulnerability in Qubes users (aka
xkcd nerd sniping) that dhorf appears to have discovered :)

Claudio Chinicz

Feb 12, 2020, 12:48:52 AM
to qubes-users
Hi Sven,

Can you provide more details on mutt and how to implement its use with Qubes (and TB I suppose)?

Thanks in advance

dhorf-hfre...@hashmail.org

Feb 12, 2020, 5:26:37 AM
to qubes-users
> > > mutt in a no-netvm mua-vault?
> > > with fetchmail-vms feeding it through qubesrpc-procmail?
> > > and separate vms for qubesrpc-msmtp for sending?
> > > or msmtp-vms mixed with the fetchmail-vms based on credentials-overlap?


> > however, I am afraid that you have already successfully placed a virus in
> > my head. That setup sounds like a challenge. Any documentation you could
> > link?

no real docs i am afraid. some notes/snippets.
in these examples, the no-net mua-vm is called priv-mua, the
combined fetchmail+msmtp vm is called priv-mta.


mta fetchmailrc:
mda "/usr/bin/qrexec-client-vm priv-mua baka.procmail"

mua baka.procmail: (giga-hacky fixup for mbox format/style)
perl -e '<>;unless($c++||/^From /){$a=localtime;print "From rpc $a\n";}print;while(<>){print}' | procmail

mua procmailrc: (for forwarding recipes)
| /home/user/bin/smail

mua muttrc:
set sendmail="/home/user/bin/smail"

mua ~/bin/smail: (just a helper to isolate the qrexec from random cli args)
exec /usr/bin/qrexec-client-vm priv-mta baka.msmtp

mta baka.msmtp: (this needs a better way to signal/determine dests)
msmtp -d -t --read-envelope-from &> /tmp/_msmtp.debuglast


in case some part of the mailinglist chain decides to eat up special chars:
https://pastebin.com/raw/DfvRujvG


> I'd be more interested in a defense against the DoS vulnerability in
> Qubes users (aka xkcd nerd sniping)that dhorf appears to have discovered :)

there is one fundamental thing to realize about qubes-rpc:
think of it as a pipe that has its left/right side in different VMs.

so everything that can be phrased as a commandline involving pipes,
or involves commands with quasi-pipe options (rsync -e, openssh
ProxyCommand, fetchmail mda, ...) can be turned into a qubes
split-something easily.

actually anything that involves a single TCP socket too, but you need
to add something like socat or systemd-socket as a helper...

or a service that has an inetd-mode (sshd -i) ...


> dhorf

also, how did you get that name?
it is triple-rot13 encrypted for extra privacy!
wait, it even looks like you broke the first two rounds already...
*panics*
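
A local, runnable sketch of the "pipe with its two ends in different VMs" idea, added here as an example and not taken from dhorf's notes or from Qubes' own tooling: the qrexec-client-vm call is replaced by a shell function that dispatches to the receiving side, so the mbox-separator fixup and local delivery can be exercised in a single VM without qrexec. The VM name priv-mua and the service name baka.procmail are the placeholders used in the notes above; the awk fixup keeps the first line of the message rather than discarding it as the perl one-liner does, and the sample message is constructed. On a real Qubes system the receiving side would be installed as /etc/qubes-rpc/baka.procmail in priv-mua, and dom0 would need a policy entry allowing priv-mta to call it (assumed here to be the 4.0-style file /etc/qubes-rpc/policy/baka.procmail containing "priv-mta priv-mua allow"), which is the check that keeps arbitrary qubes from injecting mail into the vault.

```shell
#!/bin/sh
# Added example, not code from the thread. Emulates the split pipeline
#   fetchmail mda -> qrexec-client-vm priv-mua baka.procmail -> fixup | procmail
# inside one VM, so the receiving side can be tested without Qubes.
# "priv-mua" and "baka.procmail" are placeholder names from dhorf's notes.

# Receiving side, step 1: make sure the message starts with an mbox
# "From " separator (same purpose as the perl one-liner in baka.procmail,
# except the first line of the message is kept rather than dropped).
mbox_fixup() {
    awk -v now="$(date)" '
        NR == 1 && $0 !~ /^From / { print "From rpc " now }
        { print }
        END { if (NR > 0) print "" }   # a blank line terminates an mbox message
    '
}

# Receiving side, step 2: local delivery. Stands in for procmail by
# appending the fixed-up message to the mbox file given as $1.
receive_side() {
    mbox_fixup >> "$1"
}

# Sending side: stand-in for "qrexec-client-vm <vm> <service>".
# The real tool ships stdin across the VM boundary to the named service
# (subject to the dom0 policy); here the service name is dispatched to a
# local function instead, and unknown services are refused.
fake_qrexec_client_vm() {
    target_vm="$1"   # placeholder: priv-mua
    service="$2"     # placeholder: baka.procmail
    mbox="$3"        # test-only: where the local stand-in delivers
    case "$service" in
        baka.procmail) receive_side "$mbox" ;;
        *) echo "no such service: $service (for $target_vm)" >&2; return 1 ;;
    esac
}

# Constructed sample message, as an MDA would hand it over: headers, blank
# line, body, and no leading "From " separator.
sample_message() {
    printf 'From: alice@example.test\nTo: bob@example.test\nSubject: hello\n\nbody\n'
}

# Number of messages in an mbox file (one "From " separator per message).
count_messages() {
    grep -c '^From ' "$1" || true
}

# Whole pipeline for one constructed message into the mbox $1.
deliver_sample() {
    sample_message | fake_qrexec_client_vm priv-mua baka.procmail "$1"
}

# Stand-alone run: deliver twice and report how many messages landed.
if [ "${1:-}" = "--demo" ]; then
    box=$(mktemp)
    deliver_sample "$box"
    deliver_sample "$box"
    echo "messages in $box: $(count_messages "$box")"
fi
```

Run it with `sh script.sh --demo`; swapping `fake_qrexec_client_vm` for the real `qrexec-client-vm priv-mua baka.procmail` and `receive_side` for `mbox_fixup | procmail` gives the layout from the notes, with the dom0 policy deciding who may reach the vault.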

Sven Semmler

Feb 12, 2020, 12:19:46 PM
to Claudio Chinicz, qubes-users
On Tue, Feb 11, 2020 at 09:48:52PM -0800, Claudio Chinicz wrote:
> Can you provide more details on mutt and how to implement its use with
> Qubes (and TB I suppose)?

Hi Claudio,

modern email clients like Thunderbird combine several functions into
one software package:

- mail user agent (MUA)
- mail transfer agent (MTA) speaks SMTP
- mail retrieval agent (MRA) speaks POP or IMAP

Actually, originally mail was nothing more than mailfiles transported
from one machine to another via SMTP and stored in the local file
system. That was at a time where all machines were stationary and
constantly connected.

Later we then had dedicated SMTP and POP/IMAP servers that would do the
sending and receiving for you so your local machine wouldn't have to
deal with retries (SMTP) and incoming mail would be stored somewhere
until your machine came online. Those servers are called "smart hosts".

- mutt is a MUA
- postfix is a MTA
- fetchmail is a MRA

Here are some helpful pages:

- https://www.qubes-os.org/doc/mutt
- https://www.qubes-os.org/doc/postfix
- https://www.qubes-os.org/doc/fetchmail

But very little in this setup is Qubes specific, so there is a multitude
of information when you search for mutt, postfix and fetchmail.

In any case it is a replacement for Thunderbird/Enigmail (mutt works
with GnuPG) and it's all happening in the terminal ... so no GUI. This
is why I wrote it's "not a solution for the masses".

Cheers,

Claudio Chinicz

Feb 12, 2020, 1:55:57 PM
to qubes-users
Hi Sven, thanks for the explanation of how mail clients work. I've realized mutt is not for me, I need a GUI and I'll have to continue using TB or similar, regardless of split gpg. Best Regards

qtpie

Feb 13, 2020, 9:37:10 AM
to qubes...@googlegroups.com
Claudio Chinicz:
Are there people using split GPG with other GUI e-mail clients? (GUIs
similar to those of thunderbird, not mutt). I.e. what are thunderbird
alternatives that will work with split gpg?

And for those who will continue to use Thunderbird: of course split-gpg
is a really cool feature that makes really good use of the abilities
of Qubes. But what is the actual risk in practice of your private key
getting stolen if you run Thunderbird 78+ in its own VM and don't open
weird attachments and do not open links in the same VM? I haven't heard
of private keys getting stolen via e-mail client security holes, but I'm
not a security researcher and I don't know about the track record of
Thunderbird.

awokd

Mar 6, 2020, 2:40:08 PM
to qtpie, qubes...@googlegroups.com
qtpie:
https://efail.de/ was relatively recent. Too bad Thunderbird is forcing
all eggs in one basket.

--
Mailing list etiquette:
- don't top post
- trim quoted reply to only relevant portions
- when possible, copy and paste text instead of screenshots