Mime PGP for pgnus

Mime PGP for pgnus

[James H. Cloos Jr.]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This was originally written as an aside on another post, but I think
it deserves its own thread.

Right now, in order to sign a MIME message with, eg mailcrypt, one
must first run mml-to-mime on the buffer.  

The arguably proper approach is of course to use MML to indicate that
the enclosed part should be signed a/o encrypted.  A message body
might look like (leaving out the octothorpes so it gets posted as is):

<multipart type=signed>
<part type=text/plain>
This is the message
<part type=application/pgp-signature elisp=mc-gen-detatched-sig></part>
</multipart>

where mc-gen-detatched-sig would be a function for mml-generate-mime
to call when processing that part.  Perhaps it should be in the
multipart/signed tag rather than the application/pgp-signature tag,
though.

Or, a new tag could be defined:

<mc-sign>
This is the message
</mc-sign>

In this case, mml would need to have support for other packages to
register tags and the functions that implement them.

Any thoughts on which syntax is better from the UI perspective?  In
either case, there would be mc-sign and mc-encrypt equivilents which
insert the necessary mml, so the only question is how things should
look in the buffer....

P.S.  I'd have used mml-quote-region on the mml examples so that the
      octothorpes could be left in, but then the signature wouldn't
      be valid....  Another example of why this is needed.

- -JimC
- -- 
James H. Cloos, Jr.  <http://www.jhcloos.com/cloos/public_key> 1024D/ED7DAEA6 
<cloos@jhcloos.com>     E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE23ZNWmXqfF+19rqYRAih3AJ9+LZkRoq8vFLNv0RPjE8nRZe0csACfeuQF
8YPli+TKUdMA7R8+psFT/2s=
=bGbk
-----END PGP SIGNATURE-----

Re: Mime PGP for pgnus

[Anil B. Somayaji]

-----BEGIN PGP SIGNED MESSAGE-----

"James H. Cloos Jr." <cloos@jhcloos.com> writes:

> <multipart type=signed>
> <part type=text/plain>
> This is the message
> <part type=application/pgp-signature elisp=mc-gen-detatched-sig></part>
> </multipart>

While this syntax tells you more about what the real message will look
like, it is really ugly - not something you'd want to see often, and
hard to generate by hand if things got munged while editing.

> <mc-sign>
> This is the message
> </mc-sign>

This would be really nice - clean, easy to type in manually.  However,
how would this integrate with other mml stuff?  If that could all be
normal (i.e. the same as without signing), with the backend figuring
out the right MIME structure, that would be excellent.

James, thanks for bringing this up.  I like to PGP sign all of my
messages, and until I upgraded to the recent pgnus (>0.70) versions, I
did this using TM's MIME PGP stuff.  The new mml stuff breaks TM, so
I've switched to plain PGP signatures.  I'd like to switch back, but I
haven't spent enough time with the gnus code to figure out how to
implement it with mml.  But, if someone else starts, I'll be happy to
help!

  --Anil

- -- 
Anil Somayaji (soma@cs.unm.edu)
http://www.cs.unm.edu/~soma
+1 505 872 3150

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a
Charset: noconv

iQCVAwUBNt37cELkmkLHxWM5AQFiiAQA3oqusFxQAfR6rdBiT4gE4dGJTB7eoszC
qDBw0N7fGYwXkrXDBtEvpD6C21tK8q+cWnHrnKK82JXESb+b0toR4ttTATt7DtIk
uKQbOxG9AWj60vaOvX4Z7zjdW41TppKCX2eYZ14ZDPWmyWPEoMVZsRw9JUNAsl3H
KN8RKwCzSIs=
=NUdV
-----END PGP SIGNATURE-----

Re: Mime PGP for pgnus

[James H. Cloos Jr.]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

>>>>> "Anil" == Anil B Somayaji <soma@cs.unm.edu> writes:

Cloos> <multipart type=signed>
Cloos> <part type=text/plain>
Cloos> This is the message
Cloos> <part type=application/pgp-signature elisp=mc-gen-detatched-sig></part>
Cloos> </multipart>

Anil> While this syntax tells you more about what the real message will look
Anil> like, it is really ugly - not something you'd want to see often, and
Anil> hard to generate by hand if things got munged while editing.

Cloos> <mc-sign>
Cloos> This is the message
Cloos> </mc-sign>

Anil> This would be really nice - clean, easy to type in manually.  However,
Anil> how would this integrate with other mml stuff?  If that could all be
Anil> normal (i.e. the same as without signing), with the backend figuring
Anil> out the right MIME structure, that would be excellent.

That was my intent.  Specifically, I'm thinking along the lines of
having unknown mml tags looked up in an alist whenever they are
processed -- this will most likely require one alist for each step of
the process, assuming multiple steps even occur....

By using an alist, other modules can seemlessly implement non-internal
tags, much like how minor modes interact with the major modes.

A tag like <#mc-sign> would then require args akin to (mc-sign)'s.
Getting the tage right for anon-relays would take some care.

Anil> James, thanks for bringing this up.  I like to PGP sign all of my
Anil> messages, and until I upgraded to the recent pgnus (>0.70) versions, I
Anil> did this using TM's MIME PGP stuff.  The new mml stuff breaks TM, so
Anil> I've switched to plain PGP signatures.  I'd like to switch back, but I
Anil> haven't spent enough time with the gnus code to figure out how to
Anil> implement it with mml.  But, if someone else starts, I'll be happy to
Anil> help!

Yes, I also like to sign everything, and would much prefer to MIME
everything as well, since it works so well with pgnus and AFAIK vm.

I'd also like to see rfc2440 messages presented just like rfc2015
messages are.  Ie, a pseudo-mime-part button a la the pseudo-mime
buttons generated for uuencoded sections, et al.  Also, mailcrypt
should be able to hook in to verify the message if said button is
selected, for either 2440 or 2015 messages.  Unfortunatly, 2440 &
2015 messages cannot be inter-converted; the buffer range that is
digested includes the body part headers in 2015 and Hash: headers
in 2040....

Perhaps -- to plagiarise another post today -- my wetware will be able
to page in enough of my (presumably not _too_ archaic :) lisp knowl-
edge that I may be able to code some of this w/o spending several
millidays looking up docs for each sexp written.....

- -JimC
- -- 
James H. Cloos, Jr.  <http://www.jhcloos.com/cloos/public_key> 1024D/ED7DAEA6 
<cloos@jhcloos.com>     E9E9 F828 61A4 6EA9 0F2B  63E7 997A 9F17 ED7D AEA6
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v0.9.2 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE23wCemXqfF+19rqYRAgWSAKCxLdeDRy3dGQDF9/9U+N3WyFkrTACeIQeB
CYS9BsaM/IcwWwMCG3Dbpy0=
=xmfj
-----END PGP SIGNATURE-----

Re: Mime PGP for pgnus

[Lars Magne Ingebrigtsen]

"James H. Cloos Jr." <cloos@jhcloos.com> writes:

> <multipart type=signed>
> <part type=text/plain>
> This is the message
> <part type=application/pgp-signature elisp=mc-gen-detatched-sig></part>
> </multipart>

Well, that is a bit much...

> where mc-gen-detatched-sig would be a function for mml-generate-mime
> to call when processing that part.  Perhaps it should be in the
> multipart/signed tag rather than the application/pgp-signature tag,
> though.
> 
> Or, a new tag could be defined:
> 
> <mc-sign>
> This is the message
> </mc-sign>

This is a bit too minimal.  :-)

I'd rather not introduce more tags, since more tags means that it's
easier to get something expanded that shouldn't be.

<#multipart type=signed>
This is the message
<#/multipart>

would be OK for me, and this would have the effect of adding a new
part as the last part, and that last part would be the
application/pgp-signature.  

(Hey!  I'm turning into a lawyer.  "The party of the first part...")

-- 
(domestic pets only, the antidote for overdose, milk.)
  larsi@gnus.org * Lars Magne Ingebrigtsen