From: Bruce Stephens
Newsgroups: gmane.emacs.gnus.general
Subject: S/MIME suggestions
Date: 28 Nov 2000 00:08:02 +0000
Message-ID: <871yvxdkm5.fsf_-_@cenderis.demon.co.uk>
Original-To: ding@gnus.org

Just a couple of suggestions for signed email mostly.

Most user agents don't *require* that certificates verify (i.e., you don't *have* to have the issuer's certificate). They complain loudly if the certificate doesn't validate, obviously, but they allow you to trust a specific certificate, without having to trust all certificates signed by a particular issuer.

OpenSSL allows this using the -noverify flag. So (in a pleasantly contradictory fashion), "openssl smime -verify -noverify ..." makes perfect sense.

Also, "openssl smime -verify ... -signer " extracts the certificate (presuming there is one). That strikes me as a very convenient feature to use. Especially considering that "openssl x509 -email -noout -in .pem" prints out a list of email addresses for the given certificate, which would presumably allow Gnus to check that the email addresses match with the From header.
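
The check suggested in the message above, sketched as an added shell example; it is not part of the original post and not Gnus code. The function names, file names and example.org addresses are assumptions made for the illustration, and it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# Print the bare, lower-cased address from the first top-level From: header.
from_addr() {
    tr -d '\r' < "$1" |
        sed -n -e '/^$/q' \
            -e '/^[Ff]rom:/{s/^[^:]*:[[:space:]]*//;s/.*<\([^>]*\)>.*/\1/;p;q;}' |
        tr 'A-Z' 'a-z'
}

# Return 0 if the From: address is listed in the signer certificate,
# 1 if it is not, 2 if the signature itself does not verify.
sender_matches_cert() {
    cert=$(mktemp) || return 2
    # -noverify skips chain validation of the signer certificate only;
    # the signature over the content is still checked.
    if ! openssl smime -verify -noverify -in "$1" \
            -signer "$cert" -out /dev/null 2>/dev/null; then
        rm -f "$cert"
        return 2
    fi
    from=$(from_addr "$1")
    rc=1
    # Assumption: addresses are compared case-insensitively.
    if [ -n "$from" ] && openssl x509 -email -noout -in "$cert" |
            tr 'A-Z' 'a-z' | grep -Fxq -- "$from"; then
        rc=0
    fi
    rm -f "$cert"
    return "$rc"
}

# Constructed fixture: a throwaway self-signed certificate for CERT_EMAIL and a
# message signed with it whose (unsigned) From: header is FROM_HDR.
make_demo_message() {  # usage: make_demo_message DIR CERT_EMAIL FROM_HDR
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Signer/emailAddress=$2" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    printf 'constructed sample body\n' |
        openssl smime -sign -signer "$1/cert.pem" -inkey "$1/key.pem" \
            -from "$3" -to 'list@example.org' -subject 'demo' \
            -out "$1/msg.eml" 2>/dev/null
}
```

Because `-noverify` accepts any certificate, including a self-signed one, a match only shows that the From header agrees with the certificate that signed the message; whether that particular certificate is trusted remains a separate decision.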