Gnus development mailing list
* S/MIME verification, marking of encrypted
From: Greg Troxel @ 2015-10-07 17:23 UTC (permalink / raw)
  To: ding


(First, thanks to everyone who has worked on gnus.  I haven't updated
for a while and have been running from old git in late 2013 (because it
worked).  I am trying to get S/MIME going and updated to the m0-13 tag.
I did not notice any trouble, which is great!)

I'm a longtime epg user with gnupg (coming from mailcrypt and then pgg),
and generally it works well.  I am now trying to get set up with S/MIME
to interact with some people who do encrypted mail that way, and finding
it harder than it seems it should be.

Part of my problem is the mysterious "No CA configured" error.   That
seems to come from smime.el, but I've tried to configure the use of epg
and thus gpgsm, and that seems to actually work.

Specific questions:

0) I put in .emacs:

      (setq mml-smime-use 'epg)

Is that sufficient and appropriate to make gnus use epg/gpgsm for
S/MIME?

1) What is the thinking on the default for smime between epg/gpgsm and
openssl?  It seems to me that gpgsm is set up for passphrases and also
to mark keys/CAs trusted or not in a more flexible manner, so that seems
preferred.   But Simon wrote smime.el, so I don't want to jump to
conclusions.

2) Are people sure that there are no control flow leaks into the openssl
code when epg is configured?  I am set up for gpgsm, and verifying
messages that are from myself and signed or signed and encrypted seems
to work.  Verifying a message that is encrypted but not signed from
someone else gives the "No CA configured" error.  However, while doing
this, I see that gpgsm was run and openssl was not (from atimes on the
binaries).

3) When verifying openpgp/mime, I am notified of decryption status as
well as signatures, so that I know the message was encrypted.   I don't
see any hint of this with epg/gpgsm.  Any advice, other than figure it
out and send a patch?

Thanks,
Greg






* Re: S/MIME verification, marking of encrypted
From: jens.lechtenboerger @ 2015-10-10  7:20 UTC (permalink / raw)
  To: ding

Hi Greg!

> I'm a longtime epg user with gnupg (coming from mailcrypt and then
> pgg), and generally it works well.  I am now trying to get set up with
> S/MIME to interact with some people who do encrypted mail that way,
> and finding it harder than it seems it should be.

If I understand correctly, they already use S/MIME, right?  So, probably
this choice is not yours to make, but I recommend OpenPGP over S/MIME,
as explained in a blog entry:
https://blogs.fsfe.org/jens.lechtenboerger/2013/12/23/openpgp-and-smime/

> Part of my problem is the mysterious "No CA configured" error.  That
> seems to come from smime.el, but I've tried to configure the use of
> epg and thus gpgsm, and that seems to actually work.

If you get that error you can be certain that openssl code was involved,
which is a bug.

> Specific questions:

> 0) I put in .emacs:
>
>       (setq mml-smime-use 'epg)
>
> Is that sufficient and appropriate to make gnus use epg/gpgsm for
> S/MIME?

That should do it.  Alternatively, you could put
   (require 'epg)
into .emacs (early on, before other encryption-related code gets called).

> 1) What is the thinking on the default for smime between epg/gpgsm and
> openssl?

My recommendation is to stay away from openssl.  Use gpgsm.

> It seems to me that gpgsm is set up for passphrases and also
> to mark keys/CAs trusted or not in a more flexible manner, so that
> seems preferred.  But Simon wrote smime.el, so I don't want to jump to
> conclusions.

In general, gpgsm includes full-fledged certificate management, which
you need to perform manually with openssl (storage, expiry, revocation).
Then, depending on your version of openssl you may be advertising broken
encryption algorithms (in your signatures).  Also, you may want to read
the BUGS section of man smime(1) and man cms(1).  In the blog entry
mentioned above, these points are explained with some Emacs-specific
additions.

> 2) Are people sure that there are no control flow leaks into the
> openssl code when epg is configured?  I am set up for gpgsm, and
> verifying messages that are from myself and signed or signed and
> encrypted seems to work.  Verifying a message that is encrypted but
> not signed from someone else gives the "No CA configured" error.
> However, while doing this, I see that gpgsm was run and openssl was
> not (from atimes on the binaries).

No, there is at least one open bug: mm-view-pkcs7-verify is hard-wired
for openssl, while mm-view-pkcs7-decrypt respects mml-smime-use.
https://debbugs.gnu.org/cgi/bugreport.cgi?bug=18393

> 3) When verifying openpgp/mime, I am notified of decryption status as
> well as signatures, so that I know the message was encrypted.  I don't
> see any hint of this with epg/gpgsm.  Any advice, other than figure it
> out and send a patch?

For signed plaintext messages I see the verification status.  For signed
and encrypted ones not.  My advice is to go for OpenPGP :-)

Best wishes
Jens
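
A diagnostic for the control-flow question in point 2, as an added example that is not part of the thread or of Gnus itself: it applies the `mml-smime-use` setting discussed above and raises a warning whenever one of smime.el's OpenSSL-backed entry points runs anyway. The helper name `my/smime-openssl-leak-warn` is hypothetical, and `advice-add` assumes Emacs 24.4 or later.

```elisp
;; Added diagnostic, not code from the thread or from Gnus.
(require 'mml-smime)   ; defines `mml-smime-use'
(require 'smime)       ; the OpenSSL-based S/MIME backend
(require 'epg-config)  ; defines `epg-gpgsm-program'

;; The setting discussed in the thread: route S/MIME through epg/gpgsm.
(setq mml-smime-use 'epg)

;; Warn early if the gpgsm binary that EPG would call cannot be found.
(unless (executable-find epg-gpgsm-program)
  (display-warning 'smime
                   "gpgsm not found; the epg S/MIME backend cannot work"
                   :warning))

(defun my/smime-openssl-leak-warn (&rest _args)
  "Warn when smime.el is entered although `mml-smime-use' is `epg'.
Hypothetical helper name; installed below as :before advice."
  (when (eq mml-smime-use 'epg)
    (display-warning
     'smime
     "smime.el (openssl) entry point called while mml-smime-use is epg"
     :warning)))

;; smime.el's region-level entry points; the matching -buffer
;; commands call these, so advising them covers both.
(dolist (fn '(smime-sign-region
              smime-encrypt-region
              smime-verify-region
              smime-noverify-region
              smime-decrypt-region))
  (advice-add fn :before #'my/smime-openssl-leak-warn))
```

With this loaded, a warning in the `*Warnings*` buffer while viewing a message shows that the OpenSSL path was taken despite the epg setting; `advice-remove` with the same function names undoes it.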




* Re: S/MIME verification, marking of encrypted
From: Greg Troxel @ 2015-10-10 11:24 UTC (permalink / raw)
  To: jens.lechtenboerger; +Cc: ding



jens.lechtenboerger@fsfe.org writes:

> Hi Greg!
>
>> I'm a longtime epg user with gnupg (coming from mailcrypt and then
>> pgg), and generally it works well.  I am now trying to get set up with
>> S/MIME to interact with some people who do encrypted mail that way,
>> and finding it harder than it seems it should be.
>
> If I understand correctly, they already use S/MIME, right?  So, probably
> this choice is not yours to make, but I recommend OpenPGP over S/MIME,
> as explained in a blog entry:
> https://blogs.fsfe.org/jens.lechtenboerger/2013/12/23/openpgp-and-smime/

You will notice that my messages to this list are signed with OpenPGP.
Indeed my question is about how to interoperate with people that already
use S/MIME.

Your blog post conflates the common PKI model and the S/MIME standard
itself - which I realize is how normal people come to this.  Some
organizations use S/MIME but only configure their own CAs as trust
anchors.  This is quite sane.  But I agree that that vast CA list is
goofy and inflicted on most people.

>> 1) What is the thinking on the default for smime between epg/gpgsm and
>> openssl?
>
> My recommendation is to stay away from openssl.  Use gpgsm.

So perhaps the defaults should be flipped in gnus, so that epg/gpgsm is
used, throwing an error if not found (or silently not decoding merely
signed?), unless someone has explicitly asked for the openssl version?

>> 3) When verifying openpgp/mime, I am notified of decryption status as
>> well as signatures, so that I know the message was encrypted.  I don't
>> see any hint of this with epg/gpgsm.  Any advice, other than figure it
>> out and send a patch?
>
> For signed plaintext messages I see the verification status.  For signed
> and encrypted ones not.  My advice is to go for OpenPGP :-)

You vastly overestimate my status as world dictator :-)


* Re: S/MIME verification, marking of encrypted
From: jens.lechtenboerger @ 2015-10-11  8:17 UTC (permalink / raw)
  Cc: ding

Greg Troxel <gdt@lexort.com> writes:

> jens.lechtenboerger@fsfe.org writes:
>
> Your blog post conflates the common PKI model and the S/MIME standard
> itself

I hope not.  I explain that you need a notion of trust, and I also
mention the case of the monopoly.

> - which I realize is how normal people come to this.

Come to what?

> Some organizations use S/MIME but only configure their own CAs as
> trust anchors.  This is quite sane.  But I agree that that vast CA
> list is goofy and inflicted on most people.

Using just your own CA conflicts with the decentralized model of e-mail.

>> My recommendation is to stay away from openssl.  Use gpgsm.
>
> So perhaps the defaults should be flipped in gnus, so that epg/gpgsm is
> used, throwing an error if not found (or silently not decoding merely
> signed?), unless someone has explicitly asked for the openssl version?

Yes, I agree.  Actually, I plan to propose that later this month.
Currently, I’m working on the refactoring of encryption-related code in
Gnus that I proposed more than a year ago on this list.

>> My advice is to go for OpenPGP :-)
>
> You vastly overestimate my status as world dictator :-)

Too bad.  Definitely worth a try.

Best wishes
Jens




* Re: S/MIME verification, marking of encrypted
From: Uwe Brauer @ 2015-10-11 11:26 UTC (permalink / raw)
  To: ding



   > Hi Greg!

   > If I understand correctly, they already use S/MIME, right?  So, probably
   > this choice is not yours to make, but I recommend OpenPGP over S/MIME,
   > as explained in a blog entry:
   > https://blogs.fsfe.org/jens.lechtenboerger/2013/12/23/openpgp-and-smime/

I disagree. Smime is much easier for most users to use. Using a maybe
technically superior solution but having nobody to communicate with is a
major drawback.

   > If you get that error you can be certain that openssl code was involved,
   > which is a bug.



   > That should do it.  Alternatively, you could put
   >    (require 'epg)
   > into .emacs (early on, before other encryption-related code gets called).


   > My recommendation is to stay away from openssl.  Use gpgsm.

I agree, I never got openssl to work while gpgsm works without any
problems.
If you like, I can send my private setting off list.

Uwe Brauer 


* Re: S/MIME verification, marking of encrypted
From: Greg Troxel @ 2015-10-13 22:05 UTC (permalink / raw)
  To: jens.lechtenboerger; +Cc: ding



jens.lechtenboerger@fsfe.org writes:

> Greg Troxel <gdt@lexort.com> writes:
>
>>> My recommendation is to stay away from openssl.  Use gpgsm.
>>
>> So perhaps the defaults should be flipped in gnus, so that epg/gpgsm is
>> used, throwing an error if not found (or silently not decoding merely
>> signed?), unless someone has explicitly asked for the openssl version?
>
> Yes, I agree.  Actually, I plan to propose that later this month.
> Currently, I’m working on the refactoring of encryption-related code in
> Gnus that I proposed more than a year ago on this list.

I look forward to testing this.

Following up on some previous discussion:

In theory an S/MIME implementation could allow for flexible
user-controlled key management, where one could choose to trust an
end-user cert without enabling a CA.   But having tried this with
Mail.app and gpgsm, I find that you are entirely right and that the
standard PKI model is very baked in.   With gpgsm this is about just
mail, but with Mail.app it gets into "do you want to trust random
company's CA for x.509 certs in general".

Thanks for the advice about this.

Greg
