From: Jens Lechtenboerger <jens.lechtenboerger@fsfe.org>
To: help-gnu-emacs@gnu.org, info-gnus-english@gnu.org
Subject: S/MIME with OpenSSL?
Date: Sun, 08 Nov 2015 17:15:02 +0100 [thread overview]
Message-ID: <87r3k0wjqx.fsf@informationelle-selbstbestimmung-im-internet.de> (raw)
Hi there,
I plan to refactor the code used for GnuPG in the Message mode of
Emacs (Gnus) and started a discussion on the Gnus devel mailing list
ding. An open issue is the use of OpenSSL for S/MIME in Emacs,
which might be removed in the future. So if you use S/MIME via
OpenSSL, please let me know why.
I recommend that you use gpgsm instead of openssl for S/MIME as:
** Gpgsm manages certificates (storage, expiry, revocation).
Users need to perform those tasks manually with openssl.
** Openssl has bugs as documented in the BUGS section of man smime(1).
In particular: SMIMECapabilities are ignored, no revocation checking
is done on the signer's certificate.
** Advertised SMIMECapabilities include broken encryption algorithms.
With the precompiled openssl 1.0.1f on my system RC2 is advertised,
which should have been dropped since S/MIME 3.x, see:
https://tools.ietf.org/html/rfc5751#appendix-B
Currently, openssl is preferred over epg (gpgsm), via
(defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl))
in mml-smime.el. However, epg does not get loaded on its own even if it
is present. Thus, users need to set mml-smime-use or require epg in
their ~/.emacs, but the manual does not mention gpgsm at all.
I plan to change this to prefer epg by default (and to document and
recommend gpgsm).
What’s your opinion?
Best wishes
Jens
P.S. I’d like to clarify that I recommend OpenPGP, not S/MIME.
Still, S/MIME is better than plaintext.
next reply other threads:[~2015-11-08 16:15 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-11-08 16:15 Jens Lechtenboerger [this message]
2015-11-10 16:42 ` Uwe Brauer
2015-11-10 21:41 ` Adam Sjøgren
2015-11-11 9:38 ` Uwe Brauer
2015-11-11 16:12 ` Adam Sjøgren
2015-11-12 9:31 ` Uwe Brauer
2015-11-12 15:31 ` Adam Sjøgren
2015-11-13 18:55 ` Uwe Brauer
2015-11-14 15:37 ` Trust and public keys (was: S/MIME with OpenSSL?) Jens Lechtenboerger
2015-11-15 21:07 ` Trust and public keys Uwe Brauer
2015-11-16 21:15 ` Jens Lechtenboerger
2015-11-18 15:04 ` Uwe Brauer
2015-11-19 17:05 ` Jens Lechtenboerger
2015-11-22 18:09 ` [smime and gpg] (was: Trust and public keys) Uwe Brauer
2015-11-16 11:32 ` Trust and public keys Uwe Brauer
2015-11-12 19:20 ` S/MIME with OpenSSL? Peter Münster
2015-11-13 18:21 ` Uwe Brauer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87r3k0wjqx.fsf@informationelle-selbstbestimmung-im-internet.de \
--to=jens.lechtenboerger@fsfe.org \
--cc=help-gnu-emacs@gnu.org \
--cc=info-gnus-english@gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).