From: Simon Josefsson
Newsgroups: gmane.emacs.gnus.general
Subject: Re: PGG/GPG Integration bug (somewhat nasty & urgent), potential mailcrypt concept bug
Date: Mon, 09 May 2005 21:25:27 +0200
Original-To: "Georg C. F. Greve"
Cc: ding@gnus.org
OpenPGP: id=B565716F; url=http://josefsson.org/key.txt
In-Reply-To: (Georg C. F. Greve's message of "Tue, 03 May 2005 10:44:14 +0200")
User-Agent: Gnus/5.110004 (No Gnus v0.4) Emacs/22.0.50 (gnu/linux)

"Georg C. F. Greve" writes:

> I have to say that this is quite annoying and makes Gnus somewhat
> unusable right now. I see three potential fixes here:
>
>  a) create clean way to turn off all pgg handling of PINs or
>     Passphrases, turning that part of the operation over to
>     gpg-agent.

Does `pgg-cache-passphrase' help?

>  c) fix decryption of messages that are encrypted for SmartCard

Can you tell whether this could be solved by a similar simple patch as
the patch you provided for the b) case?

> If you read the above carefully, you will find that indeed there
> is something strange: a mail gets signed TWICE, apparently, once for
> sending, once for archival.
>
> This is bad for use in secure environments (SmartCards count
> signatures) and in fact annoying if you enter your PIN every time,
> which some paranoid people may feel like doing.
>
> So I wonder: Is there a striking reason to do this?

Yes, although somewhat obscure. The encoding done for archiving
purposes is not necessarily the same as is used for outgoing mail. It
is the same if you mail and post a message, there is one set of MIME
rules for mail and another for news.
Gcc'ed messages might have attachments stripped etc, so may be rather
different from what is actually sent.

While that is an explanation, I completely agree that the resulting
situation is sub-optimal. Some solutions:

Use bcc. Ugly workaround, but guarantees that you archive exactly what
was mailed (not posted though, since that could be different).

In the GCC handling, make Gnus notice whether the MIME-prepared
message, before PGP signing, is identical to the MIME-prepared message
that was used as input to PGP signing when sending the e-mail, and in
that case store the mailed copy rather than signing another copy of
the identical message.

> gg> b) fix the caching of PINs
>
> Fortunately, I was able to resolve this one myself.

Applied, thanks!
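
The second solution in the message above (reuse the already-signed copy when the pre-signing input is byte-identical), sketched as an added example that is not part of the original mail and is not Gnus or PGG code. The class and function names are hypothetical, the sample bodies are constructed, and an HMAC stands in for the smart card's OpenPGP signature.

```python
import hashlib
import hmac


class CountingSigner:
    """Stand-in for a smart card: every signature bumps its counter."""

    def __init__(self, key: bytes):
        self._key = key
        self.signature_count = 0

    def sign(self, data: bytes) -> str:
        self.signature_count += 1
        # HMAC is only a placeholder for the card's real signature.
        return hmac.new(self._key, data, hashlib.sha256).hexdigest()


class SignOnce:
    """Hand back the stored signature when the prepared bytes repeat."""

    def __init__(self, signer: CountingSigner):
        self._signer = signer
        self._signed = {}  # digest of pre-signing input -> signature

    def sign(self, prepared: bytes) -> str:
        digest = hashlib.sha256(prepared).digest()
        if digest not in self._signed:
            self._signed[digest] = self._signer.sign(prepared)
        return self._signed[digest]


def send_and_archive(mail_body: bytes, gcc_body: bytes):
    """Sign the outgoing copy, then the archive copy, on one card."""
    card = CountingSigner(b"constructed-demo-key")
    once = SignOnce(card)
    sent = once.sign(mail_body)
    archived = once.sign(gcc_body)
    return sent, archived, card.signature_count


# Constructed sample inputs: the MIME-prepared body before signing.
SAME = b"Content-Type: text/plain\r\n\r\nhello\r\n"
# Archive copy that differs, e.g. because an attachment was stripped.
STRIPPED = b"Content-Type: text/plain\r\n\r\nhello [attachment removed]\r\n"

if __name__ == "__main__":
    print(send_and_archive(SAME, SAME)[2])      # identical input
    print(send_and_archive(SAME, STRIPPED)[2])  # differing archive copy
```

The comparison is made on the bytes fed to the signer, so it only avoids the second signature when the mail and archive encodings really are identical.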