mml2015.el Feedback

mml2015.el Feedback

[Georg C. F. Greve]

[-- Attachment #1.1: Type: text/plain, Size: 1133 bytes --]

Hi,

it seems that Crypto support has made a leap forward in gnus, which
makes me pretty happy. Currently I'm using CVS-gnus of Dec 11th 2002,
but there is one thing that disturbed me.

When I get a mail that is only signed, I get a

     [[PGP Signed Part:OK]]

tag, as it should be.

When the same person sends me an encrypted mail, I get a

     [[PGP Encrypted Part:OK, Signer: From unknown user]]

which seems a weird result, as the signer is the same person who
encrypted the mail. The way the message is crafted, I would expect the
email address or real name of the person who signed that mail / some
hint about whether the signature was okay. 

"From unknown user" seems strange as it seems to say the signature is
okay, but it doesn't know who signed it. But if Gnus didn't know who
signed it, how did it know which key to check the signature against? :)

Regards,
Georg

-- 
Georg C. F. Greve                                       <greve@gnu.org>
Free Software Foundation Europe	                 (http://fsfeurope.org)
Brave GNU World	                           (http://brave-gnu-world.org)

[-- Attachment #2: Type: application/pgp-signature, Size: 258 bytes --]

Re: mml2015.el Feedback

[Josh Huber]

[-- Attachment #1: Type: text/plain, Size: 672 bytes --]

"Georg C. F. Greve" <greve@gnu.org> writes:

> "From unknown user" seems strange as it seems to say the signature
> is okay, but it doesn't know who signed it. But if Gnus didn't know
> who signed it, how did it know which key to check the signature
> against? :)

Well, is the mail actually signed as well as being encrypted?  Looking
at the mml2015 code, it looks like if there's no signature, this is
what the output text might be.

Perhaps that should be more clear?  Hit RET on the:

"[[PGP Encrypted Part:OK, Signer: From unknown user]]"

button, and see what the actual gpg output displayed.  Is there any
signature information?

-- 
Josh Huber

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

Re: mml2015.el Feedback

[Georg C. F. Greve]

[-- Attachment #1.1: Type: text/plain, Size: 978 bytes --]

 || On Thu, 12 Dec 2002 16:28:34 +0100
 || Georg C. F. Greve <greve@gnu.org> wrote: 

 gg> it seems that Crypto support has made a leap forward in gnus,
 gg> which makes me pretty happy. Currently I'm using CVS-gnus of Dec
 gg> 11th 2002, but there is one thing that disturbed me.

Another thing: It seems that the signature verification is broken in
digests... when I put several (perfectly fine signed mails that verify
individually) into a digest and mail that off in encrypted form, the
signatures on the mails in the digest all fail.

So there seems to be some systematic bug in there somehow.

It could potentially be related to the MIME boundary bug that existed
for a long time (has it been fixed by now?)...

Regards,
Georg

-- 
Georg C. F. Greve                                       <greve@gnu.org>
Free Software Foundation Europe	                 (http://fsfeurope.org)
Brave GNU World	                           (http://brave-gnu-world.org)

[-- Attachment #2: Type: application/pgp-signature, Size: 258 bytes --]

Re: mml2015.el Feedback

[Simon Josefsson]

"Georg C. F. Greve" <greve@gnu.org> writes:

> When the same person sends me an encrypted mail, I get a
>
>      [[PGP Encrypted Part:OK, Signer: From unknown user]]
>
> which seems a weird result, as the signer is the same person who
> encrypted the mail. The way the message is crafted, I would expect the
> email address or real name of the person who signed that mail / some
> hint about whether the signature was okay. 

What is the output from a mouse-2 click on the PGP button?

> "From unknown user" seems strange as it seems to say the signature is
> okay, but it doesn't know who signed it. But if Gnus didn't know who
> signed it, how did it know which key to check the signature against? :)

GnuPG selects the key, Gnus only parses the output from gpg.
Presumably, it is the parsing that fails here.

Re: mml2015.el Feedback

[Georg C. F. Greve]

[-- Attachment #1.1: Type: text/plain, Size: 1566 bytes --]

 || On Fri, 13 Dec 2002 15:36:31 +0100
 || Simon Josefsson <jas@extundo.com> wrote: 

 >> When the same person sends me an encrypted mail, I get a
 >> 
 >> [[PGP Encrypted Part:OK, Signer: From unknown user]]
 >> 
 >> which seems a weird result, as the signer is the same person who
 >> encrypted the mail. The way the message is crafted, I would expect
 >> the email address or real name of the person who signed that mail
 >> / some hint about whether the signature was okay.

 sj> What is the output from a mouse-2 click on the PGP button?

I get a "No details." down in the minibuffer.

Since I normally don't select mails by mouse-clicking on them, I just
discovered something else:

When I mouse-2 click on the mail itself, it is being displayed the
same way, but I get a pop-up window telling me that there was a
signature by XYZ and it was okay.


 >> "From unknown user" seems strange as it seems to say the signature
 >> is okay, but it doesn't know who signed it. But if Gnus didn't
 >> know who signed it, how did it know which key to check the
 >> signature against? :)

 sj> GnuPG selects the key, Gnus only parses the output from gpg.
 sj> Presumably, it is the parsing that fails here.

I see. Maybe a more descriptive phrase could be found than "From
unknon user" then?

Regards,
Georg

-- 
Georg C. F. Greve                                       <greve@gnu.org>
Free Software Foundation Europe	                 (http://fsfeurope.org)
Brave GNU World	                           (http://brave-gnu-world.org)

[-- Attachment #2: Type: application/pgp-signature, Size: 258 bytes --]

Re: mml2015.el Feedback

[Georg C. F. Greve]

[-- Attachment #1.1: Type: text/plain, Size: 884 bytes --]

In reply to the mail by Josh Huber, which I only saw per chance in the
archive - please include me in CC in future replies:

 jh> Well, is the mail actually signed as well as being encrypted?

Yes. Definitely.


 jh> Perhaps that should be more clear?  Hit RET on the:

 jh> "[[PGP Encrypted Part:OK, Signer: From unknown user]]"

 jh> button, and see what the actual gpg output displayed.  Is there
 jh> any signature information?

Here is the part from the Messages buffer for one mail:

 Decrypting... [2 times]
 Good signature from 'Georg C. F. Greve <greve@gnu.org>' TRUST_ULTIMATE made 2002-12-13
 Verifying...


Regards,
Georg

-- 
Georg C. F. Greve                                       <greve@gnu.org>
Free Software Foundation Europe	                 (http://fsfeurope.org)
Brave GNU World	                           (http://brave-gnu-world.org)

[-- Attachment #2: Type: application/pgp-signature, Size: 258 bytes --]