From: david.goldberg6@verizon.net (David S. Goldberg)
Subject: Re: Automatic retrieval of certificates (S/MIME)
Date: Thu, 27 Jan 2005 14:31:40 -0500 [thread overview]
Message-ID: <mj7d5vqd5yc.fsf@mm117419-pc.MITRE.ORG> (raw)
In-Reply-To: <ilu3bwm90yp.fsf@latte.josefsson.org>
[-- Attachment #1: Type: text/plain, Size: 2061 bytes --]
>>>>> On Thu, 27 Jan 2005 19:33:02 +0100, Simon Josefsson
>>>>> <jas@extundo.com> said:
> Yes, although I'm not sure how to implement that. Mapping e-mail
> addresses to S/MIME certificates is not well standardized under Unix.
> There is no per-user S/MIME directory on the local machine to use.
> If you want to think about how this would work, and perhaps implement
> it, that would be very useful.
It's not trivial. At work we keep keys in an LDAP database and I use
EUDC to fetch those I need into a local directory. Then I've got some
helper functions I wrote (attached to the end of this message) that
map the addresses in the To and CC headers to keys in the directory,
verify the keys, and build the necessary mml. The main entry point
for signing and encrypting is dsg-message-smime-message. This works
fine for me, but I expect it's not a general solution.
> Your analysis is correct. There is a variable that you can set so the
> GCC'd copy contain the raw MML tags instead of the encoded version.
> The reason for encoding things twice is that encoding a message for
> mail/news is in theory different from encoding it for GCC. The same
> formatting logic cannot always be used. So that's why Gnus encode the
> message twice. It is arguable a bug. On the other hand, a better
> solution might be to make S/MIME sign/encrypt so smooth that you
> wouldn't care that it is encoded twice.
I also find it annoying to have to type my passphrase twice per
message. I keep hearing that gpg will soon support s/mime. If/when
that happens, would the pgg interface then take care of this?
> You can specify the key/cert in the MML tags, if that is what you
> meant. See 'MML Definition' in the Emacs MIME manual. You can say,
> e.g.:
> <#part sign=smime keyfile="~/cacert.user.key">
I use <#multipart> which ends up being a complete replacement the
<#secure> tag in that the signature applies to the entire message.
I've never got the <#secure> tat to work if there are multiple
recipients.
--
Dave Goldberg
david.goldberg6@verizon.net
[-- Attachment #2: Type: application/emacs-lisp, Size: 9750 bytes --]
next prev parent reply other threads:[~2005-01-27 19:31 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-01-27 11:13 Stefan Kamphausen
2005-01-27 18:33 ` Simon Josefsson
2005-01-27 19:31 ` David S. Goldberg [this message]
2005-02-05 11:25 ` Simon Josefsson
2005-02-07 15:46 ` David S. Goldberg
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=mj7d5vqd5yc.fsf@mm117419-pc.MITRE.ORG \
--to=david.goldberg6@verizon.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).