Return-Path: <dkg@fifthhorseman.net>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 17FF7431FBD
	for <notmuch@notmuchmail.org>; Fri, 28 Jun 2013 08:13:27 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
	autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id 8cg-SO+y2RnT for <notmuch@notmuchmail.org>;
	Fri, 28 Jun 2013 08:13:19 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
	by olra.theworths.org (Postfix) with ESMTP id E6FE6431FB6
	for <notmuch@notmuchmail.org>; Fri, 28 Jun 2013 08:13:18 -0700 (PDT)
Received: from [192.168.23.229] (dsl254-070-154.nyc1.dsl.speakeasy.net
	[216.254.70.154])
	by che.mayfirst.org (Postfix) with ESMTPSA id B6901F979;
	Fri, 28 Jun 2013 11:13:16 -0400 (EDT)
Message-ID: <51CDA80A.9050700@fifthhorseman.net>
Date: Fri, 28 Jun 2013 11:13:14 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20130518 Icedove/17.0.5
MIME-Version: 1.0
To: David Bremner <david@tethera.net>
Subject: Re: Emacs not finding keys to verify signatures
References:
 <87sj07a72g.fsf@thinkpad.i-did-not-set--mail-host-address--so-tickle-me>
	<87sj028ovv.fsf@zancas.localnet> <87ehbmpeg5.fsf@mbp.dbpmail.net>
	<87zjua9sxi.fsf@convex-new.cs.unb.ca>
In-Reply-To: <87zjua9sxi.fsf@convex-new.cs.unb.ca>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
	boundary="----enig2OHGJQORHRDAFGBXAMMAP"
Cc: notmuch@notmuchmail.org
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Fri, 28 Jun 2013 15:13:27 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2OHGJQORHRDAFGBXAMMAP
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

On 06/28/2013 11:05 AM, David Bremner wrote:
> Daniel Patterson <dbp@dbpmail.net> writes:
>=20
>> One thing I forgot to mention - I have notmuch running on a remote
>> server through ssh. I don't really imagine this would be an issue, but=

>> maybe? (I also have the library installed locally, for emacs).
>=20
> The verification of the message happens in the notmuch CLI, so on the
> the remote host. I guess the downloading is happening on the local host=
,
> so that is quite possibly the problem.

i'm quite sure this is the problem, that was a relevant bit of info to
include :)

Daniel: on your remote host, have you tried fetching the relevant keys
into your gpg keyring?  you don't need to create any secret key material
on the remote host, just fetch the keys as you normally would any other
user's public key material; then you'll want to mark your own key as
"ultimately" trusted on the remote host.

So, for example, on the remote host:

 gpg --keyserver ha.pool.sks-keyservers.net --recv
0x36EEAD9EA53D20B79C383EED2747EC48A98D4AF0

 gpg --edit-key 0x36EEAD9EA53D20B79C383EED2747EC48A98D4AF0 trust

you'll want to maintain this public keyring on that host to be able to
verify the messages, but you don't need to do anything else with it.

this makes me wonder if the actions that get triggered on those
"unverified" crypto buttons in the display interface need to be
customizable to send the commands to a remote gpg as well, instead of
assuming that they are local.

please report back with how that works for you!

	--dkg


------enig2OHGJQORHRDAFGBXAMMAP
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQJ8BAEBCgBmBQJRzagMXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB
NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpc//MP/RaS0FTtnfPoMxc97/4gUJq2
QmJC7RK/uES6Vdmg+/LrykkU3a6085u5QwWM3ZzdUJYLUgveCb/bMHAGS3tKTxoy
P2lHBwv5K+OQc+yoiciWQhq6DT0YsvQEM3v51QI+43MQmomqIN2UU7x2L7wveAfX
hV1DtKy7WkWV11GKn7c28LoiUQTcWJPHkTBxuHddgwf1SEpWu+YJ8rAg60DqIJzZ
CDPhHzO1Rk96drTvXll5KFGOIl7deEOWd4N5bmiwnfSvoxf56B2aGoIbaQ8M1NWS
h4SWVIYIvPbO6CwbIJw9wlEZZtTEGtKqjQBmoq47gLqSNmFO6whdlUm1OeqZz+Qe
ElY9UZeEk17ipWi9L1YkwHArxPKrZ0w4ctbfwTc7Ja3O5GgF9EcGMWNlamWhCi7X
34dGjthCJExVkIo7uBDyjI+HkQCIOl0+at4Oc88aRF6hCz3hETxYl6G/RKAzawd+
OOVfkKGefUYyJ1z1VGUyCp/m3MVd7V+U7h4RTKVo/OV1PubNdZUGDfpR60i0PYeB
bnQNyDnlqdxfjLBBbxzrhr/MojmDDftAEHxH7dqfq7w/cwo5wy85fK8HGdvill9f
22sOJpo0pW/l1LXwVYfQ7LDYHvAewouEugczqcucOnPqu4g7JlY+aiAcbDwrvCt9
2QpktiEAWTQvYcPI488V
=ZtS/
-----END PGP SIGNATURE-----

------enig2OHGJQORHRDAFGBXAMMAP--