From: Simon Josefsson <jas@extundo.com>
Cc: ding@gnus.org
Subject: Re: PGG/GPG Integration bug (somewhat nasty & urgent), potential mailcrypt concept bug
Date: Mon, 09 May 2005 21:25:27 +0200 [thread overview]
Message-ID: <iluhdhc5hi0.fsf@latte.josefsson.org> (raw)
In-Reply-To: <m31x8o8zs1.fsf@brain.gnuhh.org> (Georg C. F. Greve's message of "Tue, 03 May 2005 10:44:14 +0200")
"Georg C. F. Greve" <greve@gnu.org> writes:
> I have to say that this is quite annoying and makes Gnus somewhat
> unusable right now. I see three potential fixes here:
>
> a) create clean way to turn off all pgg handling of PIN's or
> Passphrases, turning that part of the operation over to
> gpg-agent.
Do `pgg-cache-passphrase' help?
> c) fix decryption of messages that are encrypted for SmartCard
Can you tell whether this could be solved by a similar simple patch as
the patch you provided for the b) case?
> If you read the above carefully, you will find that indeed there
> something strange: a mail gets signed TWICE, apparently, once for
> sending, once for archival.
>
> This is bad for use in secure environments (SmartCards count
> signatures) and in fact annoying if you enter your PIN every time,
> which some paranoid people may feel like doing.
>
> So I wonder: Is there a striking reason to do this?
Yes, although somewhat obscure.
The encoding done for archiving purposes is not necessarily the same
as is used for outgoing mail. It is the same if you mail and post a
message, there is one set of MIME rules for mail and another for news.
Gcc'ed messages might have attachments striped etc, so may be rather
different from what is actually sent.
While that is an explanation, I completely agree that the resulting
situation is sub-optimal.
Some solutions:
Use bcc. Ugly workaround, but guarantee that you archive exactly what
was mailed (not posted though, since that could be different).
In the GCC handling, make Gnus notice whether the MIME-prepared
message, before PGP signing, is identical to the MIME-prepared message
that was used as input to PGP signing when sending the e-mail, and in
that case store the mailed copy rather than signing another copy of
the identical message.
> gg> b) fix the caching of PINs
>
> Fortunately, I was able to resolve this one myself.
Applied, thanks!
next prev parent reply other threads:[~2005-05-09 19:25 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-05-03 8:44 Georg C. F. Greve
2005-05-04 18:16 ` Georg C. F. Greve
2005-05-09 19:25 ` Simon Josefsson [this message]
2005-05-11 9:11 ` Georg C. F. Greve
2005-05-12 15:48 ` PGG/GPG Integration bug (somewhat nasty & urgent), potential Werner Koch
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=iluhdhc5hi0.fsf@latte.josefsson.org \
--to=jas@extundo.com \
--cc=ding@gnus.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).