From mboxrd@z Thu Jan 1 00:00:00 1970
From: Shenghuo ZHU
Newsgroups: gmane.emacs.gnus.general
Subject: Re: MIME Security with PGP (RFC2015)
Date: 27 Jun 2000 18:43:20 -0400
Message-ID: <2nsntyd9tj.fsf@tiger.jia.vnet>
References: <2naehcprfu.fsf@tiger.jia.vnet>
In-Reply-To: Simon Josefsson's message of "27 Jun 2000 18:01:47 +0200"
Original-To: ding@gnus.org
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.7
Mime-Version: 1.0
Content-Type: multipart/mixed; boundary="=-=-="

--=-=-=

Simon Josefsson writes:

> Shenghuo ZHU writes:
>
> > I wrote rfc2015.el, which is supposed to fill the gap between Gnus 5.8
> > and mailcrypt. Because it is not finished, I just put it in contrib
> > directory.
>
> Are there fundamental technical problems to why it isn't finished?
>
> I've successfully sent S/MIME signed mail with Gnus (and several
> manual steps) using postprocess=smime-sign.
>
> Before actually implementing this, it would be nice to hear what the
> reasons were for not finishing PGP/MIME.

Signing or decrypting work fine. But the technical problems and
non-technical reasons are:

1. Unable to do verifying, because mm-dissect-buffer does not keep the
   header info (micalg value and the header of the signed text).

2. Have to input recipient's email address more than once when
   encrypting. It could be solved by adding email address into the
   tag somehow.

3. mm-use-ultra-safe-encoding should be set, though gnupgp or
   mailcrypt may handle the leading "From".

4. Florian Weimer is also working on a similar project. (see the
   attached message I sent to gnus-rfc2015 mailing list).

5. Lars worries about crypto export regulation issues.

6. I am busy recently :-(.

If we implemented both protocols, I think we should rename it to
rfc1847.el instead of rfc2015.el.
Shenghuo

--=-=-=
Content-Type: message/rfc822
Content-Disposition: inline

To: gnus-rfc2015@mercury.rus.uni-stuttgart.de
Subject: Re: MIME Security with PGP (RFC2015)
References: <2naehcprfu.fsf@tiger.jia.vnet> <87ya4un71h.fsf@deneb.cygnus.argh.org>
From: Shenghuo ZHU
In-Reply-To: Florian Weimer's message of "28 May 2000 15:22:34 +0200"
User-Agent: Gnus/5.0807 (Gnus v5.8.7) Emacs/20.6
Date: 02 Jun 2000 02:25:33 -0400
Message-ID: <2nvgzsy4yq.fsf@tiger.jia.vnet>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

>>>>> "Florian" == Florian Weimer writes:

Florian> Shenghuo ZHU writes:
>> I wrote rfc2015.el, which is supposed to fill the gap between Gnus
>> 5.8 and mailcrypt. Because it is not finished, I just put it in
>> contrib directory.

Florian> A few months ago, Lars suggested to keep MIME-PGP support
Florian> separate because of crypto export regulation issues.

I think the implementation of RFC 2015 is not related to crypto export
regulation issues, because we are not implementing PGP itself. In my
opinion, RFC 2015 is more related to MIME than to the PGP algorithm.
Therefore, it should be integrated with Gnus. The current
implementations largely depend on mml.el. I worry about the
consistency issue, if the support and Gnus are maintained separately.

Moreover, RFC 1847 provides a general document for security MIME.
Gnus should be extended to support protocols other than PGP, if the
sign, encrypt, verify and decrypt functions are provided.

>> To sign something, say
>>
>>
>> The text to sign.
>>

Florian> My package uses a somewhat different approach:

Florian>
Florian> This is a signed multipart.
Florian>
Florian>

Do we really need so many tags here?

Florian> This is achieved by hooking into
Florian> "mml-generate-multipart-alist". To be honest, I think
Florian> "mml-generate-mime-preprocess-function" and
Florian> "mml-generate-mime-postprocess-function" are unnecessary. At
Florian> least you can't use them to generate RFC 2015 messages.
Florian> There are special requirements regarding quoted-printable
Florian> encoding of parts inside "multipart/signed" or
Florian> "multipart/encrypted", and I don't think you can set the
Florian> appropriate variable ("mm-use-ultra-safe-encoding") during
Florian> MML-to-MIME translation using your hooks.

I missed this part, but gpg fixes the leading "From" in non-detached
sign. Anyway, mm-use-ultra-safe-encoding can be introduced somehow.

Florian> My code is available at:

Florian> http://cert.uni-stuttgart.de/people/fw/gpg-mime.el

Florian> At the moment, it's very alpha, and it's likely that it
Florian> doesn't work. :-/ Of course, it only does the easy part,
Florian> i.e. creating "multipart/signed" and "multipart/encrypted",
Florian> not the other way round.

Florian> It requires some packages found in the same directory. At
Florian> the moment, it is GnuPG-specific, but you should be able to
Florian> use other (Open)PGP implementations if you customize the
Florian> settings in gpg.el. Mailcrypt wasn't used because of some
Florian> security problems and the unwillingness of the maintainer to
Florian> respond to suggestions regarding detached signatures.

I hope the implementation can be easily extended for other
RFC1847-compliant protocols. Therefore, we should not expect too much
from the backend's support.

Florian> Now to the hard part, signature verification and decryption.

Florian> For verification, I think we need a hook into
Florian> "mm-dissect-multipart", which verifies the signature (at this
Florian> place, all the necessary information is still present) and
Florian> generates a suitable MML handle. After that, the part can be
Florian> displayed using a user-defined display function (by
Florian> specifying it in "gnus-mime-multipart-functions").

Maybe this is a good idea. The other way is that we can modify Gnus so
that mime handles keep all the necessary information. The messages are
verified before being displayed. The user could customize
"mm-automatic-display" to verify messages automatically or explicitly.

Florian> Decryption should only occur if explicitly requested by the
Florian> user. No hook into "mm-dissect-multipart" is required for
Florian> it; we can decrypt and call "mm-dissect-buffer" on the
Florian> plaintext on user request.

That is exactly what I did in my implementation.

Florian> (Maybe we should continue this discussion on the gnus-rfc2015
Florian> list? I've subscribed you.)

Thank you.

Shenghuo

--=-=-=--
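
Added example, not part of the original message or of rfc2015.el: a Python illustration of what a verifier has to recover from a multipart/signed message, namely the micalg parameter and the first part's exact bytes with its own MIME headers (point 1 in the list above), plus a check for lines beginning with "From " (point 3). The sample message, addresses and boundary are constructed; the code assumes exactly two body parts and no nested boundary that shares the outer boundary's prefix.

```python
import re
from email import message_from_bytes

def split_signed(raw: bytes):
    """Return (micalg, protocol, signed_bytes, signature_part) from a raw
    multipart/signed message, keeping the first part byte-for-byte."""
    msg = message_from_bytes(raw)
    if msg.get_content_type() != "multipart/signed":
        raise ValueError("not multipart/signed")
    micalg, protocol = msg.get_param("micalg"), msg.get_param("protocol")
    boundary = msg.get_boundary()
    if not (micalg and protocol and boundary):
        raise ValueError("micalg, protocol and boundary are all required")
    # Verification runs over the CRLF-canonical form of the first part.
    text = re.sub(rb"\r?\n", b"\r\n", raw)
    # The CRLF before "--boundary" belongs to the delimiter, not to the part.
    pieces = text.split(b"\r\n--" + boundary.encode("ascii"))
    if len(pieces) != 4 or not pieces[3].startswith(b"--"):
        raise ValueError("expected exactly two body parts")
    # Drop the rest of each delimiter line. What remains of piece 1 is the
    # signed data: the part's own MIME headers, the blank line and the body.
    signed = pieces[1].split(b"\r\n", 1)[1]
    signature = pieces[2].split(b"\r\n", 1)[1]
    return micalg, protocol, signed, signature

def from_lines(signed: bytes):
    """Lines an mbox writer may rewrite to '>From ', invalidating the signature."""
    return [line for line in signed.split(b"\r\n") if line.startswith(b"From ")]

# Constructed sample (LF line endings, placeholder signature block).
SAMPLE = b"""\
From: alice@example.org
To: bob@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
 protocol="application/pgp-signature"; boundary="b0"

--b0
Content-Type: text/plain; charset=us-ascii

From here on the text is signed.

--b0
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
(placeholder, not a real signature)
-----END PGP SIGNATURE-----

--b0--
"""
```

The signed bytes returned here, not a re-serialised copy of the parsed part, are what would be handed to the OpenPGP backend together with the detached signature.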