* RFC: use NSS for S/MIME
@ 2016-03-03 8:20 Daiki Ueno
2016-03-04 14:52 ` Jens Lechtenboerger
2016-03-23 18:50 ` Greg Troxel
0 siblings, 2 replies; 5+ messages in thread
From: Daiki Ueno @ 2016-03-03 8:20 UTC (permalink / raw)
To: ding
Hello,
After seeing Greg's report on S/MIME interoperability issue[1], I was
thinking that it might be a good idea to add an S/MIME backend using NSS
instead of gpgsm.
The rationale behind this are:
- The certificate/key database could be shared with other major MUAs,
such as Evolution or Thunderbird.
- For OpenPGP, GnuPG is the de-facto and there is no free alternative.
For S/MIME, however, NSS is more widely used, and I expect that it had
been tested better.
What do people think? I have a basic wrapper implementation[2] (though
I might not have time to finish the integration of it into Gnus).
Regards,
Footnotes:
[1] http://article.gmane.org/gmane.emacs.gnus.general/86677
[2] https://github.com/ueno/smime-nss-el
--
Daiki Ueno
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: RFC: use NSS for S/MIME
2016-03-03 8:20 RFC: use NSS for S/MIME Daiki Ueno
@ 2016-03-04 14:52 ` Jens Lechtenboerger
2016-03-04 22:38 ` Daiki Ueno
2016-03-23 18:50 ` Greg Troxel
1 sibling, 1 reply; 5+ messages in thread
From: Jens Lechtenboerger @ 2016-03-04 14:52 UTC (permalink / raw)
To: ding; +Cc: Daiki Ueno
On 2016-03-03, at 17:20, Daiki Ueno wrote:
> Hello,
>
> After seeing Greg's report on S/MIME interoperability issue[1], I was
> thinking that it might be a good idea to add an S/MIME backend using NSS
> instead of gpgsm.
> [...]
How would certificate management (import, expiry) work with NSS?
Best wishes
Jens
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: RFC: use NSS for S/MIME
2016-03-04 14:52 ` Jens Lechtenboerger
@ 2016-03-04 22:38 ` Daiki Ueno
2016-03-06 14:58 ` Jens Lechtenboerger
0 siblings, 1 reply; 5+ messages in thread
From: Daiki Ueno @ 2016-03-04 22:38 UTC (permalink / raw)
To: ding
Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:
> How would certificate management (import, expiry) work with NSS?
That can be done with the "certutil" command. Maybe there could be an
Elisp interface around it.
Regards,
--
Daiki Ueno
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: RFC: use NSS for S/MIME
2016-03-04 22:38 ` Daiki Ueno
@ 2016-03-06 14:58 ` Jens Lechtenboerger
0 siblings, 0 replies; 5+ messages in thread
From: Jens Lechtenboerger @ 2016-03-06 14:58 UTC (permalink / raw)
To: ding; +Cc: Daiki Ueno
On 2016-03-05, at 07:38, Daiki Ueno wrote:
> Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:
>
>> How would certificate management (import, expiry) work with NSS?
>
> That can be done with the "certutil" command. Maybe there could be an
> Elisp interface around it.
I never used NSS tools before and just gave it a try.
What do you think about using cmsutil (with switches -D -k) for
signature verification instead of (or in addition to) signver, which
would import non-root certificates automatically?
BTW, I failed to use signver on the command line with switch -s: The
tool truncated my signature file and waited on stdin for a
signature. Is that a bug or am I missing something? (Redirection
from stdin without -s, similarly to your code, worked.)
Best wishes
Jens
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: RFC: use NSS for S/MIME
2016-03-03 8:20 RFC: use NSS for S/MIME Daiki Ueno
2016-03-04 14:52 ` Jens Lechtenboerger
@ 2016-03-23 18:50 ` Greg Troxel
1 sibling, 0 replies; 5+ messages in thread
From: Greg Troxel @ 2016-03-23 18:50 UTC (permalink / raw)
To: Daiki Ueno; +Cc: ding
[-- Attachment #1: Type: text/plain, Size: 1074 bytes --]
Daiki Ueno <ueno@gnu.org> writes:
> After seeing Greg's report on S/MIME interoperability issue[1], I was
> thinking that it might be a good idea to add an S/MIME backend using NSS
> instead of gpgsm.
Sorry, I've had gnus paged out while dealing with other $DAYJOB issues.
> The rationale behind this are:
>
> - The certificate/key database could be shared with other major MUAs,
> such as Evolution or Thunderbird.
>
> - For OpenPGP, GnuPG is the de-facto and there is no free alternative.
> For S/MIME, however, NSS is more widely used, and I expect that it had
> been tested better.
>
> What do people think? I have a basic wrapper implementation[2] (though
> I might not have time to finish the integration of it into Gnus).
>
> Regards,
>
> Footnotes:
> [1] http://article.gmane.org/gmane.emacs.gnus.general/86677
>
> [2] https://github.com/ueno/smime-nss-el
I think this would be great. I realize nss may have its own issues, but
given that it exists and is in use, letting gnus use either seems like a
big step forward.
[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 180 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-03-23 18:50 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-03 8:20 RFC: use NSS for S/MIME Daiki Ueno
2016-03-04 14:52 ` Jens Lechtenboerger
2016-03-04 22:38 ` Daiki Ueno
2016-03-06 14:58 ` Jens Lechtenboerger
2016-03-23 18:50 ` Greg Troxel
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).