From: Greg Troxel
Newsgroups: gmane.emacs.gnus.general
Subject: Re: S/MIME verification, marking of encryped
Date: Tue, 13 Oct 2015 18:05:31 -0400
To: jens.lechtenboerger@fsfe.org
Cc: ding
User-Agent: Gnus/5.130014 (Ma Gnus v0.14) Emacs/24.3 (berkeley-unix)

jens.lechtenboerger@fsfe.org writes:

> Greg Troxel writes:
>
>>> My recommendation is to stay away from openssl.  Use gpgsm.
>>
>> So perhaps the defaults should be flipped in gnus, so that epg/gpgsm is
>> used, throwing an error if not found (or silently not decoding merely
>> signed?), unless someone has explicitly asked for the openssl version?
>
> Yes, I agree.  Actually, I plan to propose that later this month.
> Currently, I’m working on the refactoring of encryption related code in
> Gnus that I proposed more than a year ago on this list.

I look forward to testing this.

Following up on some previous discussion:

In theory an S/MIME implementation could allow for flexible
user-controlled key management, where one could choose to trust an
end-user cert without enabling a CA.  But having tried this with
Mail.app and gpgsm, I find that you are entirely right and that the
standard PKI model is very baked in.  With gpgsm this is about just
mail, but with Mail.app it gets into "do you want to trust random
company's CA for x.509 certs in general".

Thanks for the advice about this.

Greg