[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #20618 [Applications/GetTor]: GetTor does not return download links when using Protonmail.com
#20618: GetTor does not return download links when using Protonmail.com
------------------------------------------------+--------------------------
Reporter: gaj | Owner: ilv
Type: defect | Status: closed
Priority: Medium | Milestone:
Component: Applications/GetTor | Version:
Severity: Normal | Resolution: not a
| bug
Keywords: GetTor, download links, protonmail | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
------------------------------------------------+--------------------------
Comment (by gaj):
Replying to [comment:8 arma]:
> Replying to [comment:7 gaj]:
>
> > ProtonMail does use the encryption key in the message header by
default, and this setting can not be changed. As far as I understand, this
key is always present, and messages to other (non ProtonMail) servers are
encrypted using TLS 'if the non-[wiki:ProtonMail] mail server supports it'
(see https://protonmail.com/support/knowledge-base/what-is-encrypted/)
> > I don't know if/how TLS is handled by GetTor?
> >
>
> TLS is fine and normal. TLS would mean using link encryption, when
supported, between the protonmail server and whatever mailserver it's
delivering the mail to. Yay link encryption.
>
> But what's happening here is that protonmail is encrypting the email
message to some gpg key. How is it picking the key? It looks to me like a
surprising and broken design -- like protonmail is just picking a key at
random from the internet and making its mail unreadable to anybody who
doesn't have the corresponding private key. How do they expect that to
work?
Sorry, I am not a developer/designer @ProtonMail, only a user, so I can
not explain the rationale behind the key in the header as displayed in
ProtonMail.
But I became curious as to how other mailservers react to this, so I run a
little experiment: I have sent a similar message (no subject, body only
contains the word 'linux') to a number of e-mailaddresses that I use,
including Outlook.com, Yahoo.com, YOPmail.com (disposable e-mail), and
online.nl.
All mailservers handled the message well, I could read it in every singel
account. Because I wondered about the encryption and the key in the
header, I looked into the 'raw' message (described as 'source', 'original
text', or in the header, depending on which option was provided. To my
surprise, I did not find the explicitly indicated PGP section (as seen in
ProtonMail, see comment 4 of this thread) on any of the headers or raw
messages(?!?).
However, the body text ('linux') of the message is not present in the
'raw' message either. I can only guess what happens (I am not a
mail/encryption expert), but below I will post two of the 'raw' / 'source'
messages (I have removed the original e-mail addresses and replaced these
with gaj@*.*), for 'Yahoo.com' and 'webmail.online.nl', and the headers as
shown by YOPmail:
----
'''__1) Yahoo.com__'''
{{{
X-Apparently-To: gaj@xxxxxxxxx; Thu, 17 Nov 2016 09:02:08 +0000
Return-Path: <gaj@xxxxxxxxxxxxxx>
Received-SPF: pass (domain of protonmail.com designates 185.70.40.27 as
permitted sender)
X-YMailISG: fZZMqacWLDtpPxkrw_PJ1F_705oX0vwokLJSl6.pAlCsN_Mc
MgTj9IzuxsNBmDuForH_W_W8TnxkBERivdrc.M4ABbwhT9eKOA5o3R_pEITj
OXOc17PmRT4O0bHzfHSZ6r5iBKLqDGgHHo0Wwx35rXMoWo.qKRLZCpIUPS9r
H0BA5bxk_9chuO4mRB19oV6ibtQvaJ9cXiaWMOWdc6JoMUiWOnzlvULgLp0I
UmN3J.PcFQ9X0ygqDVx.zZwf1cxOJWs6STZsmFntE6C29TWQgWDVT2Yq2kMQ
xQ19f2asdSu4Vex0c7yt8xVuIA6a2hmjEgelBJ6MGsZ5tDVF85fK8ja496UI
ODjXSj2OYJZl5Kjvl4nJXZgyxiHutv6ixXE06JYRY4sS5DaZ6IfHPczRNiOE
HfFSM8om1K_YZDjuu8vp9w9wxLv96pkqGaZJEmHaxaYfwPcwee9NxBcIJvNx
PDZjcYOG8sPCc5VNZfJBNLcV6LT3bgzknx.D4ZtYCL.eXH__IeGucxy8OUSM
VCR9E.1nPcmg7xPlT0qDTxhMYX1XTLDWVHEmcMtL0R242eeEU3DB7hTdXwaH
zYAJ7eK.NZnefDMOAhtcsMT4Mg.R6KQ85_WCFAp0Bw76QTE6vCsVzN0.ch0Y
6dMYr1ZaqtLDGQFY942IlaMIjIAVVrAjXIACTFY0Q3RImoE__V_cycKSeLqJ
MQP8kdR35s3klZVl33GbIx5qAjp0NQ4QWkcYLRE9bt3v24Z_MQyKWbDa4aQH
QlYhUyx5WSTKreHihsJDudnSxzJUiEBTn.VZTmggw7XqXzDDaktlZLaaTez0
4LQh7nKASkvwwvIjZRI9ZAeskJCRvIL_Aq2G3i9yT2c4.bcY4oUx.V2H61Gn
rncq8lmCSYnW4fhJ92zV8N18w4aONWjyfsWnD5s2lZ.qzpevdk92_mWhiPeZ
r6NEeuv7A6kG5K6zaWPGHCnCDTu7by2zBdLfGZQMRjJMQWyercX_YeJTGVA8
U4E5dmsqGt6EkQYxtsgTrRFuQyFC7Y74L0TEvCf9UjwdkOgrQQAoeMZGPNUg
GbZNKGRDsIrteN7Lw0zOMNPEbtlz1LI4dZOuy7LujUB7wQKe0XUVPfckBY61
zSycg6X7m0LS67Hk7VRL7P_M98tal_hCZ9CIQvFsHjOGeWZxaIB8ojRmzUFi
UVriHtH7mCP9_5A1p7qr0X_PS3HplEZ__6jfbMCjWTYXS2VwRYppsSpVxl0j
xujXwV1ZwV9gPPwkmaQ9AU1CySjUvJacgItNR0yjtjc2.sm_HU79obFNcmZN
1nTsyV3iHGPKLV..HsKWe7yaavuN0Db2JbBkOSDuJ_xoJhxQZ3gMXbTmLnDM
0eGdgauKK76d3rX4W1K7XGI9fwikyUeni3KSFRr3nqHcbY82zRjYz7x8cyLD
MAxAJI_259SYl8FI
X-Originating-IP: [185.70.40.27]
Authentication-Results: mta1341.mail.gq1.yahoo.com from=protonmail.com;
domainkeys=neutral (no sig); from=protonmail.com; dkim=pass (ok)
Received: from 127.0.0.1 (EHLO mail4.protonmail.ch) (185.70.40.27)
by mta1341.mail.gq1.yahoo.com with SMTPS; Thu, 17 Nov 2016 09:02:07
+0000
Received: from mail.protonmail.com (localhost [127.0.0.1])
by mail4.protonmail.ch (Postfix) with ESMTP id 1A23E1DC3;
Thu, 17 Nov 2016 04:02:04 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=default; t=1479373324;
bh=NCWs/qOiYWOIj3Sx9k1UuGsQ0DoYqE+JRVb6aQrxors=;
h=Date:To:From:Reply-To:Subject:Feedback-ID:From;
b=wqhh8kt3bWWZbR8AI4+ekiOKKwcATh1pSP9FIWZj9VwVHto0ymzjn3cqZTM12e9s4
jy6lyiZrqLB75ZXxwHLUb8CKeIdmEA3xsjedhH8Ul3LXd8+Nx8E7TpTWp1t6UCScJo
IF4YgTYWnqGLGcUe5fnYqXny/xWSUH0tEa4ooJUQ=
Date: Thu, 17 Nov 2016 04:02:04 -0500
To: "gaj@xxxxxxxxx" <gaj@xxxxxxxxx>
From: gaj <gaj@xxxxxxxxxxxxxx>
Reply-To: gaj <gaj@xxxxxxxxxxxxxx>
Subject: (No Subject)
Message-ID:
<qBE6eyoCEi4_ojiuI6J3T3SsNnzbyUwHrVitqxfusRUq2KZeeEhM5NhpuB60OXX1L-
SvTmDGjcdR7f6gqKLJLvsMGhF6T__vaC1NDOiUwl8=@protonmail.com>
Feedback-ID: 110SiAcT-Ttf0GX5vp9zB7NGHX35BxAovvV88zX-
sg7eznfkxnT4idcqS5r9QeQ0UBubZrr4QwSNtQGIDoVcJQ==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_5482c91d8c736fe5d686a7932411f185"
X-Spam-Status: No, score=-3.0 required=4.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,
MIME_BASE64_BLANKS,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=ham
version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
mail4.protonmail.ch
Content-Length: 861
This is a multi-part message in MIME format.
--b1_5482c91d8c736fe5d686a7932411f185
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
bGludXg=
--b1_5482c91d8c736fe5d686a7932411f185
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64
PGRpdj5saW51eDwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVt
cHR5Ij48YnI+PC9kaXY+PGRpdiBjbGFzcz0icHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2sgcHJv
dG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2ln
bmF0dXJlX2Jsb2NrLXVzZXIgcHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXY+
PGJyPjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLXBy
b3RvbiBwcm90b25tYWlsX3NpZ25hdHVyZV9ibG9jay1lbXB0eSI+PGJyPjwvZGl2PjwvZGl2Pjxk
aXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVtcHR5Ij48YnI+PC9kaXY+
--b1_5482c91d8c736fe5d686a7932411f185--
}}}
'''__2) webmail.online.nl__'''
{{{
Return-Path: gaj@xxxxxxxxxxxxxx
Received: from m7-zaas-prd-mx01.m7zaas.local (LHLO smtp-in.online.nl)
(10.162.0.81) by m7-zaas-prd-ms08.m7zaas.local with LMTP; Thu, 17 Nov
2016
10:02:11 +0100 (CET)
Received: from mail4.protonmail.ch (mail4.protonmail.ch [185.70.40.27])
by smtp-in.online.nl (Postfix) with ESMTP id 18573C0003
for <gaj@xxxxxxxxx>; Thu, 17 Nov 2016 10:02:11 +0100 (CET)
Received: from mail.protonmail.com (localhost [127.0.0.1])
by mail4.protonmail.ch (Postfix) with ESMTP id 1A23E1DC3;
Thu, 17 Nov 2016 04:02:04 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=default; t=1479373324;
bh=NCWs/qOiYWOIj3Sx9k1UuGsQ0DoYqE+JRVb6aQrxors=;
h=Date:To:From:Reply-To:Subject:Feedback-ID:From;
b=wqhh8kt3bWWZbR8AI4+ekiOKKwcATh1pSP9FIWZj9VwVHto0ymzjn3cqZTM12e9s4
jy6lyiZrqLB75ZXxwHLUb8CKeIdmEA3xsjedhH8Ul3LXd8+Nx8E7TpTWp1t6UCScJo
IF4YgTYWnqGLGcUe5fnYqXny/xWSUH0tEa4ooJUQ=
Date: Thu, 17 Nov 2016 04:02:04 -0500
To: "gaj@xxxxxxxxx" <gaj@xxxxxxxxx>
From: gaj <gaj@xxxxxxxxxxxxxx>
Reply-To: gaj <gaj@xxxxxxxxxxxxxx>
Subject: (No Subject)
Message-ID:
<qBE6eyoCEi4_ojiuI6J3T3SsNnzbyUwHrVitqxfusRUq2KZeeEhM5NhpuB60OXX1L-
SvTmDGjcdR7f6gqKLJLvsMGhF6T__vaC1NDOiUwl8=@protonmail.com>
Feedback-ID: 110SiAcT-Ttf0GX5vp9zB7NGHX35BxAovvV88zX-
sg7eznfkxnT4idcqS5r9QeQ0UBubZrr4QwSNtQGIDoVcJQ==:Ext:ProtonMail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_5482c91d8c736fe5d686a7932411f185"
X-Spam-Status: No, score=-3.0 required=4.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,
MIME_BASE64_BLANKS,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=ham
version=3.3.1
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
mail4.protonmail.ch
X-Online-CMAE-Analyze: v=2.1 cv=WL+CJSYR c=1 sm=1 tr=0
a=LdbBSXNqbvtOef0nyrOuaA==:117 a=LdbBSXNqbvtOef0nyrOuaA==:17
a=L9H7d07YOLsA:10 a=9cW_t1CCXrUA:10 a=s5jvgZ67dGcA:10
a=L24OOQBejmoA:10
a=r77TgQKjGQsHNAKrUKIA:9 a=drXjWTiCdkwO2GI1PNAA:9
a=QEXdDO2ut3YA:10
This is a multi-part message in MIME format.
--b1_5482c91d8c736fe5d686a7932411f185
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: base64
bGludXg=
--b1_5482c91d8c736fe5d686a7932411f185
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: base64
PGRpdj5saW51eDwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVt
cHR5Ij48YnI+PC9kaXY+PGRpdiBjbGFzcz0icHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2sgcHJv
dG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2ln
bmF0dXJlX2Jsb2NrLXVzZXIgcHJvdG9ubWFpbF9zaWduYXR1cmVfYmxvY2stZW1wdHkiPjxkaXY+
PGJyPjwvZGl2PjwvZGl2PjxkaXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLXBy
b3RvbiBwcm90b25tYWlsX3NpZ25hdHVyZV9ibG9jay1lbXB0eSI+PGJyPjwvZGl2PjwvZGl2Pjxk
aXYgY2xhc3M9InByb3Rvbm1haWxfc2lnbmF0dXJlX2Jsb2NrLWVtcHR5Ij48YnI+PC9kaXY+
--b1_5482c91d8c736fe5d686a7932411f185--
}}}
{{{
}}}
'''__3) headers as shown by YOPmail__'''
===== __SMTP headers :__ =====
!IP:185.70.40.27
EHLO mail4.protonmail.ch
MAIL FROM:<gaj@xxxxxxxxxxxxxx> SIZE=1854
RCPT TO:<gaj@xxxxxxxxxxx>
===== __MIME headers :__ =====
Received: from mail.protonmail.com (localhost [127.0.0.1])
by mail4.protonmail.ch (Postfix) with ESMTP id 1A23E1DC3;
Thu, 17 Nov 2016 04:02:04 -0500 (EST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=protonmail.com;
s=default; t=1479373324;
bh=NCWs/qOiYWOIj3Sx9k1UuGsQ0DoYqE+JRVb6aQrxors=;
h=!Date:To:From:Reply-To:Subject:Feedback-ID:From;
b=wqhh8kt3bWWZbR8AI4+ekiOKKwcATh1pSP9FIWZj9VwVHto0ymzjn3cqZTM12e9s4
jy6lyiZrqLB75ZXxwHLUb8CKeIdmEA3xsjedhH8Ul3LXd8+Nx8E7TpTWp1t6UCScJo
IF4YgTYWnqGLGcUe5fnYqXny/xWSUH0tEa4ooJUQ=
Date: Thu, 17 Nov 2016 04:02:04 -0500
To: "gaj@xxxxxxxxxxx" <gaj@xxxxxxxxxxx>
From: gaj <gaj@xxxxxxxxxxxxxx>
Reply-To: gaj <gaj@xxxxxxxxxxxxxx>
Subject: (No Subject)
Message-ID:
<qBE6eyoCEi4_ojiuI6J3T3SsNnzbyUwHrVitqxfusRUq2KZeeEhM5NhpuB60OXX1L-
SvTmDGjcdR7f6gqKLJLvsMGhF6T!__vaC1NDOiUwl8=@protonmail.com>
Feedback-ID: 110SiAcT-Ttf0GX5vp9zB7NGHX35BxAovvV88zX-
sg7eznfkxnT4idcqS5r9QeQ0UBubZrr4QwSNtQGIDoVcJQ==:!Ext:ProtonMail
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_5482c91d8c736fe5d686a7932411f185"
X-Spam-Status: No, score=-3.0 required=4.0 tests=ALL_TRUSTED,BAYES_00,
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,HTML_MESSAGE,
MIME_BASE64_BLANKS,TVD_SPACE_RATIO,URIBL_BLOCKED autolearn=ham
version=3.3.1
X-Spam-Checker-Version: !SpamAssassin 3.3.1 (2010-03-16) on
mail4.protonmail.ch
----
With this information, maybe you can explain what happens and why GetTor
does not respond to this type of messages.
If you need more info, just let me know.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20618#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs