From mboxrd@z Thu Jan 1 00:00:00 1970
From: Greg Troxel
Newsgroups: gmane.emacs.gnus.general
Subject: Re: S/MIME verification, marking of encryped
Date: Sat, 10 Oct 2015 07:24:52 -0400
References: <1135889000.4424.1444461613315.JavaMail.open-xchange@ox1app>
Cc: ding
To: jens.lechtenboerger@fsfe.org
OpenPGP: id=098ED60E
In-Reply-To: <1135889000.4424.1444461613315.JavaMail.open-xchange@ox1app> (jens lechtenboerger's message of "Sat, 10 Oct 2015 09:20:13 +0200 (CEST)")
User-Agent: Gnus/5.130006 (Ma Gnus v0.6) Emacs/24.3 (berkeley-unix)
Mime-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature"

--=-=-=
Content-Type: text/plain

jens.lechtenboerger@fsfe.org writes:

> Hi Greg!
>
>> I'm a longtime epg user with gnupg (coming from mailcrypt and then
>> pgg), and generally it works well. I am now trying to get set up with
>> S/MIME to interact with some people who do encrypted mail that way,
>> and finding it harder than it seems I should.
>
> If I understand correctly, they already use S/MIME, right? So, probably
> this choice is not yours to make, but I recommend OpenPGP over S/MIME,
> as explained in a blog entry:
> https://blogs.fsfe.org/jens.lechtenboerger/2013/12/23/openpgp-and-smime/

You will notice that my messages to this list are signed with OpenPGP.
Indeed my question is about how to interoperate with people that already
use S/MIME.

Your blog post conflates the common PKI model and the S/MIME standard
itself - which I realize is how normal people come to this. Some
organizations use S/MIME but only configure their own CAs as trust
anchors. This is quite sane. But I agree that that vast CA list is
goofy and inflicted on most people.

>> 1) What is the thinking on the default for smime between epg/gpgsm and
>> openssl?
>
> My recommendation is to stay away from openssl. Use gpgsm.

So perhaps the defaults should be flipped in gnus, so that epg/gpgsm is
used, throwing an error if not found (or silently not decoding merely
signed?), unless someone has explicitly asked for the openssl version?

>> 3) When verifying openpgp/mime, I am notified of decryption status as
>> well as signatures, so that I know the message was encrypted. I don't
>> see any hint of this with epg/gpgsm. Any advice, other than figure it
>> out and send a patch?
>
> For signed plaintext messages I see the verification status. For signed
> and encrypted ones not. My advice is to go for OpenPGP :-)

You vastly overestimate my status as world dictator :-)

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAlYY9YQACgkQH9p66AmO1g7XKwCePzHkGntgoSqv7SRH14MwGZNp
U08AoIYm7ur8u2Cw70RJJqpUBA2605xj
=SNto
-----END PGP SIGNATURE-----
--=-=-=--