Gnus development mailing list
* proposed patch to enable MH-E usage of GNU + EPG
@ 2007-07-12  3:58 timotheus
  2007-07-12 21:23 ` Richard Stallman
  0 siblings, 1 reply; 10+ messages in thread
From: timotheus @ 2007-07-12  3:58 UTC (permalink / raw)
  To: mh-e-devel; +Cc: ding, emacs-devel


[-- Attachment #1.1: Type: text/plain, Size: 3170 bytes --]


Hi. I would like to make a feature request and also provide the
implementation: that MH-E would support multiple identities using S/MIME
through the most recent Gnus + EasyPG interface. My understanding is
that Gnus 5.11 (cvs) has added support for using EasyPG (library "epg"),
which is eventually to be merged into Emacs CVS.

    http://gnus.org/
    http://www.easypg.org/

In the case of a single identity, installation and configuration of Gnus
5.11 (cvs) to use method 'epg is sufficient.

---- EXAMPLE ----
(setq mml-smime-use 'epg)
(setq mml2015-use 'epg)
(setq pgg-default-scheme 'epg)
---- EXAMPLE ----

The following code will implement MH identity support for this new
epg s/mime functionality without affecting normal Gnus or MML
behavior. It works by use of an identity handler in like fashion to how
MH already supports multiple pgg identities.

My request is that something similar to the following example be added
to `mh-e.el', `mh-mime.el', `mh-identity.el' in the not so distant
future. It is written such that a user could paste it into ~/.emacs and
not have to wait :).

Thanks & regards,
-timotheus

---- EXAMPLE ----
;;;;; MH-E S/MIME identity handling for EasyPG

;;;;; add to mh-e.el
(defvar mh-identity-mml-smime-signers nil
  "Holds list of the S/MIME key ID(s) to be used by mml-smime.el.
This is normally set as part of an Identity in
`mh-identity-list'.")
(make-variable-buffer-local 'mh-identity-mml-smime-signers)

(add-to-list 'mh-identity-handlers
             '(":mml-smime-signers" . mh-identity-handler-smime-identity) t)

;;;;; add to mh-identity.el
(defun mh-identity-handler-smime-identity (field action &optional value)
  "Process header FIELD \":mml-smime-signers\".
The ACTION is one of 'remove or 'add. If 'add, the VALUE is added.
The global variable `mh-identity-mml-smime-signers' is set to
VALUE when action 'add is selected."
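  (cond
   ;; Removing the field, or adding an empty value, clears the signer list.
   ((or (equal action 'remove)
        (not value)
        (string= value ""))
    (setq mh-identity-mml-smime-signers nil))
   ;; Adding a value stores it as a one-element signer list.
   ((equal action 'add)
    (setq mh-identity-mml-smime-signers (list value)))))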

;;;;; add to mh-mime.el

;; this advice would be even better to incorporate directly into
;; `mh-mml-to-mime', and it should be straightforward as how to do that:
;;
;;     (let ((saved-text (buffer-string))
;;           (buffer (current-buffer))
;;   -       (modified-flag (buffer-modified-p)))
;;   +       (modified-flag (buffer-modified-p))
;;   +       (mml-smime-signers mh-identity-mml-smime-signers))
;;   +   (message-options-set 'mml-smime-epg-signers nil)
;;       (condition-case err (mml-to-mime)
;;
;;
;; The line:  (message-options-set 'mml-smime-epg-signers nil)
;; is necessary to force MML to scan keys again now that
;; `mml-smime-signers' has been modified. Probably a Gnus (cvs) bug.
;;

(defadvice mh-mml-to-mime (around ad-smime-signers-mh-mml-to-mime activate)
  "Advise `mh-mml-to-mime' to use the MH identity equivalent of
`mml-smime-signers' when calling `mml-to-mime'."
  ;; Bind the identity's signer list dynamically, for this call only.
  (let ((mml-smime-signers mh-identity-mml-smime-signers))
    ;; Clear the cached signer option so MML scans keys again.
    (message-options-set 'mml-smime-epg-signers nil)
    (setq ad-return-value ad-do-it)))

---- EXAMPLE ----
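
Review bot: in the commented `mh-mml-to-mime` hunk, the added binding `(mml-smime-signers mh-identity-mml-smime-signers)` is unconditional, so whenever no identity has set the variable (the handler resets it to nil on 'remove or an empty value) any signer list the user configured in `mml-smime-signers` is shadowed by nil for the duration of `mml-to-mime`. That conflicts with the stated goal of not affecting normal MML behavior; consider falling back to the existing value, for example `(mml-smime-signers (or mh-identity-mml-smime-signers mml-smime-signers))`, and apply the same change to the `defadvice` form below. The `(message-options-set 'mml-smime-epg-signers nil)` line is a workaround for a suspected upstream bug, so it should carry a comment at the call site saying so, so that it can be removed once the caching issue is fixed.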

[-- Attachment #1.2: Type: application/pgp-signature, Size: 188 bytes --]

[-- Attachment #2: Type: text/plain, Size: 286 bytes --]

-------------------------------------------------------------------------
This SF.net email is sponsored by DB2 Express
Download DB2 Express C - the FREE version of DB2 express and take
control of your XML. No limits. Just data. Click to get it now.
http://sourceforge.net/powerbar/db2/

[-- Attachment #3: Type: text/plain, Size: 161 bytes --]

_______________________________________________
mh-e-devel mailing list
mh-e-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/mh-e-devel

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: proposed patch to enable MH-E usage of GNU + EPG
  2007-07-12  3:58 proposed patch to enable MH-E usage of GNU + EPG timotheus
@ 2007-07-12 21:23 ` Richard Stallman
  2007-07-13  5:31   ` Bill Wohler
  0 siblings, 1 reply; 10+ messages in thread
From: Richard Stallman @ 2007-07-12 21:23 UTC (permalink / raw)
  To: timotheus; +Cc: mh-e-devel, ding, emacs-devel

Please do not make MH-E use EPG until EPG is _actually installed_ in
Emacs.  "There's many a slip twixt the cup and the lip."


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: proposed patch to enable MH-E usage of GNU + EPG
  2007-07-12 21:23 ` Richard Stallman
@ 2007-07-13  5:31   ` Bill Wohler
  2007-07-13 15:14     ` timotheus
  2007-07-13 23:10     ` Richard Stallman
  0 siblings, 2 replies; 10+ messages in thread
From: Bill Wohler @ 2007-07-13  5:31 UTC (permalink / raw)
  To: mh-e-devel; +Cc: ding, emacs-devel

timotheus <timotheus@tstotts.net> wrote:
> Hi. I would like to make a feature request and also provide the
> implementation: that MH-E would support multiple identities using S/MIME
> through the most recent Gnus + EasyPG interface.

Thanks very much timotheus. I haven't yet heard of EPG and will make a
note to read up on it. I am extremely pleased that we'll be able to
provide S/MIME support in the future. In the meantime, would you be
kind enough to report your request and code to SourceForge so that we
can track it?

  http://sourceforge.net/tracker/?group_id=13357&atid=113357

Richard Stallman <rms@gnu.org> writes:

> Please do not make MH-E use EPG until EPG is _actually installed_ in
> Emacs. 

There is certainly no harm in making it aware of EPG, if it is
available. MH-E has quite a bit of precedent of being able to handle
packages if they are installed, but otherwise ignore them. I'm
assuming furthermore that EPG is free and there won't be any problem
referring to it in MH-E. Yes? However, I agree that MH-E should not
use EPG by default until it is installed in Emacs.

> "There's many a slip twixt the cup and the lip."

;-). Playing your gamelan tonight, Richard?

-- 
Bill Wohler <wohler@newt.com>  http://www.newt.com/wohler/  GnuPG ID:610BD9AD



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: proposed patch to enable MH-E usage of GNU + EPG
  2007-07-13  5:31   ` Bill Wohler
@ 2007-07-13 15:14     ` timotheus
  2007-07-13 16:13       ` smime.el: security concerns? (was: proposed patch to enable MH-E usage of GNU + EPG) Reiner Steib
  2007-07-13 23:09       ` proposed patch to enable MH-E usage of GNU + EPG Richard Stallman
  2007-07-13 23:10     ` Richard Stallman
  1 sibling, 2 replies; 10+ messages in thread
From: timotheus @ 2007-07-13 15:14 UTC (permalink / raw)
  To: mh-e-devel; +Cc: ding, emacs-devel


[-- Attachment #1.1: Type: text/plain, Size: 2784 bytes --]

Bill Wohler <wohler@newt.com> writes:

> Thanks very much timotheus. I haven't yet heard of EPG and will make a
> note to read up on it. I am extremely pleased that we'll be able to
> provide S/MIME support in the future. In the meantime, would you be
> kind enough to report your request and code to SourceForge so that we
> can track it?

You're welcome. Added to sourceforge. FYI, MH-E of the Emacs CVS head
already supports S/MIME through the `smime.el' library that uses
openssl. Remember that MH-E uses Gnus MML to provide the security. You
just change the default MML method to "smime" instead of
"pgpmime". However, multiple identity support is lacking, and `smime.el'
has some security, feature, and ease-of-use concerns too.

This is not the only feature I've added to MH-E / MM locally for my own
personal use. Some of these include:
   - proper LDAP email lookup and expansion via EUDC
   - scale-down of large inline images to fit current buffer window
     size; works with Unicode and HTML buffers too!
   - key strokes to switch between smime/pgpmime
   - identity handler for auto signing, different method for each
   - inherit lpr command from `lpr.el'
   - auto-view of PDF, DOC, etc. inline

If you or users want to poke around:
  http://tstotts.net/pubvc.co/elisp-snippets/
  http://tstotts.net/pubvc.co/elisp-snippets/set-mh-e.el


> Richard Stallman <rms@gnu.org> writes:
>
>> Please do not make MH-E use EPG until EPG is _actually installed_ in
>> Emacs. 
>
> There is certainly no harm in making it aware of EPG, if it is
> available. MH-E has quite a bit of precedent of being able to handle
> packages if they are installed, but otherwise ignore them. I'm
> assuming furthermore that EPG is free and there won't be any problem
> referring to it in MH-E. Yes? However, I agree that MH-E should not
> use EPG by default until it is installed in Emacs.
>
>> "There's many a slip twixt the cup and the lip."
>
> ;-). Playing your gamelan tonight, Richard?

I concur with Stallman's concern. The Gnus I referred to is Gnus 5.11
(cvs), which now appears to be named No Gnus, current snapshot is
version 0.6. (My code requires the head CVS - 0.7.) Perhaps you can call
this alpha software. You'll note the comments in my example work around
a No Gnus "bug" present in this functionality.

Earlier I read a thread between some combination of EasyPG, Gnus devs,
and/or Stallman -- I don't recall. The general impression was that `epg'
just might replace `pgg' altogether in the future;
code/decisions/interfaces are in flux... etc.

Mostly I hope that MH-E will add this feature soon after No Gnus
reaches a beta/merge/release state :-). Beforehand could be premature,
IMHO.

Regards,
-timotheus

[-- Attachment #1.2: Type: application/pgp-signature, Size: 188 bytes --]


^ permalink raw reply	[flat|nested] 10+ messages in thread

* smime.el: security concerns? (was: proposed patch to enable MH-E usage of GNU + EPG)
  2007-07-13 15:14     ` timotheus
@ 2007-07-13 16:13       ` Reiner Steib
  2007-07-13 17:09         ` smime.el: security concerns? timotheus
  2007-07-13 23:09       ` proposed patch to enable MH-E usage of GNU + EPG Richard Stallman
  1 sibling, 1 reply; 10+ messages in thread
From: Reiner Steib @ 2007-07-13 16:13 UTC (permalink / raw)
  To: timotheus; +Cc: ding, mh-e-devel, emacs-devel

On Fri, Jul 13 2007, timotheus wrote:

> FYI, MH-E of the Emacs CVS head already supports S/MIME through the
> `smime.el' library that uses openssl. Remember that MH-E uses Gnus
> MML to provide the security. You just change the default MML method
> to "smime" instead of "pgpmime". However, multiple identity support
> is lacking, and `smime.el' has some security, feature, and
> ease-of-use concerns too.

If there are any security concerns wrt `smime.el', please report them.

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: smime.el: security concerns?
  2007-07-13 16:13       ` smime.el: security concerns? (was: proposed patch to enable MH-E usage of GNU + EPG) Reiner Steib
@ 2007-07-13 17:09         ` timotheus
  2007-07-13 23:08           ` Richard Stallman
  0 siblings, 1 reply; 10+ messages in thread
From: timotheus @ 2007-07-13 17:09 UTC (permalink / raw)
  To: emacs-devel; +Cc: mh-e-devel, ding


[-- Attachment #1.1: Type: text/plain, Size: 877 bytes --]

Reiner Steib <reinersteib+gmane@imap.cc> writes:

> On Fri, Jul 13 2007, timotheus wrote:
>
>> ... `smime.el' has some security, feature, and
>> ease-of-use concerns too.
>
> If there are any security concerns wrt `smime.el', please report them.
>
> Bye, Reiner.
> -- 

It is more a matter of opinion, but I once noticed the following with
`smime.el'.

  - `call-process' / `call-process-region' (temporary files in /tmp/?)
  - environment variable(s) for password passing
  - documentation encourages use of un-passworded .pem
  - password caching via elisp instead of external agent
    - personally avoid, even for tramp + SSH
  - the very manual .pem key/crt setup was tricky

Some of them you mention in the comments. EasyPG mentions some of them
in its comments/docs wrt other Emacs cryptography libraries. Not a big
deal, perhaps.

-timotheus

[-- Attachment #1.2: Type: application/pgp-signature, Size: 188 bytes --]

[-- Attachment #2: Type: text/plain, Size: 142 bytes --]

_______________________________________________
Emacs-devel mailing list
Emacs-devel@gnu.org
http://lists.gnu.org/mailman/listinfo/emacs-devel

^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: smime.el: security concerns?
  2007-07-13 17:09         ` smime.el: security concerns? timotheus
@ 2007-07-13 23:08           ` Richard Stallman
  0 siblings, 0 replies; 10+ messages in thread
From: Richard Stallman @ 2007-07-13 23:08 UTC (permalink / raw)
  To: timotheus; +Cc: emacs-devel, mh-e-devel, ding

      - `call-process' / `call-process-region' (temporary files in /tmp/?)
      - environment variable(s) for password passing
      - documentation encourages use of un-passworded .pem
      - password caching via elisp instead of external agent
	- personally avoid, even for tramp + SSH
      - the very manual .pem key/crt setup was tricky

We have eliminated the same problems in the rest of Emacs; shouldn't
we fix smime.el to get rid of them too?



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: proposed patch to enable MH-E usage of GNU + EPG
  2007-07-13 15:14     ` timotheus
  2007-07-13 16:13       ` smime.el: security concerns? (was: proposed patch to enable MH-E usage of GNU + EPG) Reiner Steib
@ 2007-07-13 23:09       ` Richard Stallman
  2007-07-14  0:30         ` timotheus
  1 sibling, 1 reply; 10+ messages in thread
From: Richard Stallman @ 2007-07-13 23:09 UTC (permalink / raw)
  To: timotheus; +Cc: mh-e-devel, ding, emacs-devel

    You're welcome. Added to sourceforge.

What has been added to what?


^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: proposed patch to enable MH-E usage of GNU + EPG
  2007-07-13  5:31   ` Bill Wohler
  2007-07-13 15:14     ` timotheus
@ 2007-07-13 23:10     ` Richard Stallman
  1 sibling, 0 replies; 10+ messages in thread
From: Richard Stallman @ 2007-07-13 23:10 UTC (permalink / raw)
  To: Bill Wohler; +Cc: emacs-devel, ding, mh-e-devel, emacs-devel

    > Please do not make MH-E use EPG until EPG is _actually installed_ in
    > Emacs. 

    There is certainly no harm in making it aware of EPG, if it is
    available.

Yes there is: the complexity of supporting both.

If we do install EPG in Emacs, then you can add EPG support to MH-E
and remove the pgg support at the same time.



^ permalink raw reply	[flat|nested] 10+ messages in thread

* Re: proposed patch to enable MH-E usage of GNU + EPG
  2007-07-13 23:09       ` proposed patch to enable MH-E usage of GNU + EPG Richard Stallman
@ 2007-07-14  0:30         ` timotheus
  0 siblings, 0 replies; 10+ messages in thread
From: timotheus @ 2007-07-14  0:30 UTC (permalink / raw)
  To: mh-e-devel; +Cc: ding, emacs-devel


[-- Attachment #1.1: Type: text/plain, Size: 272 bytes --]

Richard Stallman <rms@gnu.org> writes:
>     You're welcome. Added to sourceforge.
>
> What has been added to what?

My feature request for MH-E multiple S/MIME identity via EPG support was
added to the mh-e project's bug tracking system on sourceforge.net, as
requested.

[-- Attachment #1.2: Type: application/pgp-signature, Size: 188 bytes --]


^ permalink raw reply	[flat|nested] 10+ messages in thread
