Announcements and discussions for Gnus, the GNU Emacs Usenet newsreader
 help / color / mirror / Atom feed
* Subject of PGP-encrypted emails
@ 2021-08-03 18:05 Adam Sjøgren
  2021-08-04  7:11 ` Lars Ingebrigtsen
  0 siblings, 1 reply; 8+ messages in thread
From: Adam Sjøgren @ 2021-08-03 18:05 UTC (permalink / raw)
  To: info-gnus-english

I just installed Thunderbird on my nephew's new school-computer (I'm not
starting him on Emacs just yet) and tried out the built-in PGP-support.

I noticed that instead of including an unencrypted Subject:-header, it
is replaced by "Subject: ..." and then 'filled in' when the message is
decrypted.

I wonder if anyone has looked into adapting Gnus to do something similar?

Or maybe just do the same extraction and 'filling in' of the Subject:
when reading an encrypted email sent from Thunderbird.

It looks like what Thunderbird does it that it generates an
encrypted.asc which decrypts to a MIME message, which has a part that
includes the Subject:-header:

  Content-Type: multipart/mixed; boundary="80MRq3onMnRYcWyMqpzN3xR7VKumL3WsW";
   protected-headers="v1"
  Subject: Dette er emnelinien
  From: Test Testersen <test@koldfront.dk>
  To: =?UTF-8?Q?Adam_Sj=c3=b8gren?= <asjo@koldfront.dk>
  Message-ID: <f66d7c92-9cfb-28ec-3f50-5e7c1132c832@koldfront.dk>

So the display-part is perhaps easier than the sending part.


I also noticed that Thunderbird included an Autocrypt:-header, which
seems to include the public key of the sender - I haven't looked into
it, but it might be worth adding support for that in Gnus as well? Or
maybe it's a waste of bandwidth...


  Best regards,

    Adam

-- 
 "Our voodoo-dolls are full of hopes"                       Adam Sjøgren
                                                       asjo@koldfront.dk



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Subject of PGP-encrypted emails
  2021-08-03 18:05 Subject of PGP-encrypted emails Adam Sjøgren
@ 2021-08-04  7:11 ` Lars Ingebrigtsen
  2021-09-02  7:47   ` Alberto Luaces
  0 siblings, 1 reply; 8+ messages in thread
From: Lars Ingebrigtsen @ 2021-08-04  7:11 UTC (permalink / raw)
  To: Adam Sjøgren; +Cc: info-gnus-english

Adam Sjøgren <asjo@koldfront.dk> writes:

> I noticed that instead of including an unencrypted Subject:-header, it
> is replaced by "Subject: ..." and then 'filled in' when the message is
> decrypted.

Hm...  I guess it would be possible to update the Summary buffer, too,
but it'd be pretty awkward -- do we want to redo the threading, for
instance? 

> I wonder if anyone has looked into adapting Gnus to do something similar?
>
> Or maybe just do the same extraction and 'filling in' of the Subject:
> when reading an encrypted email sent from Thunderbird.
>
> It looks like what Thunderbird does it that it generates an
> encrypted.asc which decrypts to a MIME message, which has a part that
> includes the Subject:-header:
>
>   Content-Type: multipart/mixed; boundary="80MRq3onMnRYcWyMqpzN3xR7VKumL3WsW";
>    protected-headers="v1"
>   Subject: Dette er emnelinien
>   From: Test Testersen <test@koldfront.dk>
>   To: =?UTF-8?Q?Adam_Sj=c3=b8gren?= <asjo@koldfront.dk>
>   Message-ID: <f66d7c92-9cfb-28ec-3f50-5e7c1132c832@koldfront.dk>
>
> So the display-part is perhaps easier than the sending part.

We could update the headers in the Article buffer easily enough, but on
the other hand -- if the user wants to respond to this in clear text,
hitting `C-d' first is easy enough, and ... do we want to encourage
responding to encrypted stuff in clear text?  (I mean, if we just
rewrite the Article buffer Subject/From/etc headers, then hitting `r'
will use those, and then we might reveal...  stuff...)

> I also noticed that Thunderbird included an Autocrypt:-header, which
> seems to include the public key of the sender - I haven't looked into
> it, but it might be worth adding support for that in Gnus as well? Or
> maybe it's a waste of bandwidth...

What does the Autocrypt header do?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Subject of PGP-encrypted emails
  2021-08-04  7:11 ` Lars Ingebrigtsen
@ 2021-09-02  7:47   ` Alberto Luaces
  2021-09-02  8:38     ` Colin Baxter
  0 siblings, 1 reply; 8+ messages in thread
From: Alberto Luaces @ 2021-09-02  7:47 UTC (permalink / raw)
  To: info-gnus-english

Lars Ingebrigtsen <larsi@gnus.org> writes:

>> I also noticed that Thunderbird included an Autocrypt:-header, which
>> seems to include the public key of the sender - I haven't looked into
>> it, but it might be worth adding support for that in Gnus as well? Or
>> maybe it's a waste of bandwidth...
>
> What does the Autocrypt header do?

https://autocrypt.org/ is a way for publishing your gpg public keys
automatically and collecting them as well, among other things.

There is quite a handful of MUAs using it, as thunderbird and deltachat:
https://autocrypt.org/dev-status.html

-- 
Alberto



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Subject of PGP-encrypted emails
  2021-09-02  7:47   ` Alberto Luaces
@ 2021-09-02  8:38     ` Colin Baxter
  2021-09-02  8:55       ` Alberto Luaces
  0 siblings, 1 reply; 8+ messages in thread
From: Colin Baxter @ 2021-09-02  8:38 UTC (permalink / raw)
  To: Alberto Luaces; +Cc: , info-gnus-english

>>>>> Alberto Luaces <aluaces@udc.es> writes:

    > Lars Ingebrigtsen <larsi@gnus.org> writes:
    >>> I also noticed that Thunderbird included an Autocrypt:-header,
    >>> which seems to include the public key of the sender - I haven't
    >>> looked into it, but it might be worth adding support for that in
    >>> Gnus as well? Or maybe it's a waste of bandwidth...
    >> 
    >> What does the Autocrypt header do?

    > https://autocrypt.org/ is a way for publishing your gpg public
    > keys automatically and collecting them as well, among other
    > things.

    > There is quite a handful of MUAs using it, as thunderbird and
    > deltachat: https://autocrypt.org/dev-status.html

    > -- Alberto


Doesn't autocrypt use the Web Key Directory (WKD) for PGP keys? This
seems a pain to set up <https://wiki.gnupg.org/WKD>.

Best wishes,



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Subject of PGP-encrypted emails
  2021-09-02  8:38     ` Colin Baxter
@ 2021-09-02  8:55       ` Alberto Luaces
  2021-09-02  9:11         ` Colin Baxter
  0 siblings, 1 reply; 8+ messages in thread
From: Alberto Luaces @ 2021-09-02  8:55 UTC (permalink / raw)
  To: info-gnus-english

Colin Baxter <m43cap@yandex.com> writes:

> Doesn't autocrypt use the Web Key Directory (WKD) for PGP keys? This
> seems a pain to set up <https://wiki.gnupg.org/WKD>.

AFAIK it doesn't, since everything is encoded into the message's
headers.  I have been using it without any WKD setup.

Nevertheless, that fact doesn't rule out that it can be used, but I
never heard about it.

-- 
Alberto



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Subject of PGP-encrypted emails
  2021-09-02  8:55       ` Alberto Luaces
@ 2021-09-02  9:11         ` Colin Baxter
  2021-09-02  9:18           ` Alberto Luaces
  0 siblings, 1 reply; 8+ messages in thread
From: Colin Baxter @ 2021-09-02  9:11 UTC (permalink / raw)
  To: Alberto Luaces; +Cc: , info-gnus-english

Hello Alberto,
>>>>> Alberto Luaces <aluaces@udc.es> writes:

    > Colin Baxter <m43cap@yandex.com> writes:
    >> Doesn't autocrypt use the Web Key Directory (WKD) for PGP keys?
    >> This seems a pain to set up <https://wiki.gnupg.org/WKD>.

    > AFAIK it doesn't, since everything is encoded into the message's
    > headers.  I have been using it without any WKD setup.

    > Nevertheless, that fact doesn't rule out that it can be used, but
    > I never heard about it.

Ok, my mistake. My question is getting to be a little off-topic, but if
WKD is not used then how is the key for a new recipient automatically
located?

Best wishes,

Colin.


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Subject of PGP-encrypted emails
  2021-09-02  9:11         ` Colin Baxter
@ 2021-09-02  9:18           ` Alberto Luaces
  2021-09-02  9:50             ` Colin Baxter
  0 siblings, 1 reply; 8+ messages in thread
From: Alberto Luaces @ 2021-09-02  9:18 UTC (permalink / raw)
  To: info-gnus-english

Colin Baxter <m43cap@yandex.com> writes:

> Hello Alberto,
>>>>>> Alberto Luaces <aluaces@udc.es> writes:
>
>     > Colin Baxter <m43cap@yandex.com> writes:
>     >> Doesn't autocrypt use the Web Key Directory (WKD) for PGP keys?
>     >> This seems a pain to set up <https://wiki.gnupg.org/WKD>.
>
>     > AFAIK it doesn't, since everything is encoded into the message's
>     > headers.  I have been using it without any WKD setup.
>
>     > Nevertheless, that fact doesn't rule out that it can be used, but
>     > I never heard about it.
>
> Ok, my mistake. My question is getting to be a little off-topic, but if
> WKD is not used then how is the key for a new recipient automatically
> located?

No problem.  It is a discovery protocol, so it grows stronger —so to
say— as far as the communication evolves.  You start sending a message
in the clear, but offer your key in the headers, so it is automatically
collected and used by your interlocutor in the following messages.  Of
course you have also to have an out-of-band mean of verifying the
identity of the other party.

Maybe I lost some details or explained it incorrectly, so here you will
find the idea: https://autocrypt.org/examples.html

-- 
Alberto



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: Subject of PGP-encrypted emails
  2021-09-02  9:18           ` Alberto Luaces
@ 2021-09-02  9:50             ` Colin Baxter
  0 siblings, 0 replies; 8+ messages in thread
From: Colin Baxter @ 2021-09-02  9:50 UTC (permalink / raw)
  To: Alberto Luaces; +Cc: , info-gnus-english

>>>>> Alberto Luaces <aluaces@udc.es> writes:

    > Colin Baxter <m43cap@yandex.com> writes:
    >> Hello Alberto,
    >>>>>>> Alberto Luaces <aluaces@udc.es> writes:
    >> 
    >> > Colin Baxter <m43cap@yandex.com> writes: >> Doesn't autocrypt
    >> use the Web Key Directory (WKD) for PGP keys?  >> This seems a
    >> pain to set up <https://wiki.gnupg.org/WKD>.
    >> 
    >> > AFAIK it doesn't, since everything is encoded into the
    >> message's > headers.  I have been using it without any WKD setup.
    >> 
    >> > Nevertheless, that fact doesn't rule out that it can be used,
    >> but > I never heard about it.
    >> 
    >> Ok, my mistake. My question is getting to be a little off-topic,
    >> but if WKD is not used then how is the key for a new recipient
    >> automatically located?

    > No problem.  It is a discovery protocol, so it grows stronger —so
    > to say— as far as the communication evolves.  You start sending a
    > message in the clear, but offer your key in the headers, so it is
    > automatically collected and used by your interlocutor in the
    > following messages.  Of course you have also to have an
    > out-of-band mean of verifying the identity of the other party.

    > Maybe I lost some details or explained it incorrectly, so here you
    > will find the idea: https://autocrypt.org/examples.html

I like the idea of sending the key in a header, with subsequent
automatic exchanges. That is very nice. :-)

Best wishes,

Colin.


^ permalink raw reply	[flat|nested] 8+ messages in thread

end of thread, other threads:[~2021-09-02  9:52 UTC | newest]

Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-03 18:05 Subject of PGP-encrypted emails Adam Sjøgren
2021-08-04  7:11 ` Lars Ingebrigtsen
2021-09-02  7:47   ` Alberto Luaces
2021-09-02  8:38     ` Colin Baxter
2021-09-02  8:55       ` Alberto Luaces
2021-09-02  9:11         ` Colin Baxter
2021-09-02  9:18           ` Alberto Luaces
2021-09-02  9:50             ` Colin Baxter

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).