--- /dev/null
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by olra.theworths.org (Postfix) with ESMTP id 5ED99431FB6\r
+ for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 08:15:03 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+ autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+ by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id 3zRVHtCvWDOK for <notmuch@notmuchmail.org>;\r
+ Fri, 14 Mar 2014 08:14:54 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+ by olra.theworths.org (Postfix) with ESMTP id A6098431FAE\r
+ for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 08:14:54 -0700 (PDT)\r
+Received: from [10.70.10.55] (unknown [38.109.115.130])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 5A47BF984;\r
+ Fri, 14 Mar 2014 11:14:51 -0400 (EDT)\r
+Message-ID: <53231CEC.6070101@fifthhorseman.net>\r
+Date: Fri, 14 Mar 2014 11:14:52 -0400\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+User-Agent: Mozilla/5.0 (X11; Linux x86_64;\r
+ rv:24.0) Gecko/20100101 Icedove/24.2.0\r
+MIME-Version: 1.0\r
+To: Baptiste <bateast@bat.fr.eu.org>, notmuch@notmuchmail.org\r
+Subject: Re: Smime signature verification in Notmuch - Emacs\r
+References: <87y50r42do.fsf@bat.fr.eu.org>\r
+ <531F4FDD.6000506@fifthhorseman.net> <87siqlrqq8.fsf@bat.fr.eu.org>\r
+In-Reply-To: <87siqlrqq8.fsf@bat.fr.eu.org>\r
+X-Enigmail-Version: 1.6\r
+Content-Type: multipart/signed; micalg=pgp-sha512;\r
+ protocol="application/pgp-signature";\r
+ boundary="XE5cd1LDwo1B8WC14iSwGgifT8sWAa3Fe"\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Fri, 14 Mar 2014 15:15:03 -0000\r
+\r
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)\r
+--XE5cd1LDwo1B8WC14iSwGgifT8sWAa3Fe\r
+Content-Type: text/plain; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+Hi Baptiste--\r
+\r
+On 03/14/2014 06:58 AM, Baptiste wrote:\r
+\r
+> firstly, sorry for my previous mail, you are right, it was broken. This=\r
+ one=20\r
+> should be better.\r
+\r
+i didn't mean to imply it was broken at all. i haven't tested it :)\r
+\r
+> Truly, it would be better to implement it directly in notmuch core.\r
+\r
+i agree with this.\r
+\r
+> Signature verification just present a line with the signature owner and=\r
+ the=20\r
+> trust chain status (/green/ for good verification, /orange/ for self si=\r
+gned only=20\r
+> signature). No verification is made today against :From field.\r
+\r
+what does "good verification" mean? This seems to imply that there is a\r
+trusted root store used. how does the user configure this trust store?\r
+ what about non-self-signed and unvalidated certificates? (e.g. certs by\r
+unknown issuers, certs by known but untrusted issuers, certs with\r
+unknown signature algorithms, certs without proper EKUs for creating\r
+S/MIME signatures, etc.)\r
+\r
+> (green) [ Good signature by: bateast@bat.fr.eu.org - 08F4ED ]\r
+> (orange) [ Good signature by key: 0x08F4ED self signed for bateast@bat.=\r
+fr.eu.org ]\r
+\r
+the use of 08F4ED here is a bit confusing. i see from further below\r
+that this refers to the serial number of the cert; but serial numbers\r
+are not guaranteed to be unique (they are supposed to be unique across\r
+issuers, but most root trust stores (and X.509 chains) can accept\r
+certifications from different issuers). what does displaying this\r
+information do for the user?\r
+\r
+> My opinion is that S/MIME is more and more widely used today, and then =\r
+relying=20\r
+> only on gpg for signature or encryption is a bit rough.\r
+\r
+I agree that S/MIME support would be nice; i think implementing it in\r
+the notmuch core is the way to go. fwiw, gmime already has a\r
+cryptocontext that is supposed to handle S/MIME; it just needs proper\r
+integration, similar to the PGP/MIME integration in notmuch core:\r
+\r
+ https://developer.gnome.org/gmime/stable/GMimePkcs7Context.html\r
+\r
+This has been on my plate for, uh, over a year now, but clearly i\r
+haven't gotten to it, and would be happy if someone else wanted to pick\r
+it up.\r
+\r
+ --dkg\r
+\r
+\r
+--XE5cd1LDwo1B8WC14iSwGgifT8sWAa3Fe\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+Content-Description: OpenPGP digital signature\r
+Content-Disposition: attachment; filename="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1\r
+Comment: Using GnuPG with Icedove - http://www.enigmail.net/\r
+\r
+iQJ8BAEBCgBmBQJTIxzsXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcwF4QANWfbKZY7MjBVJO231hvbSsl\r
+uAD9UUlLhj/JI0GfusGewoRhpPV11CUmjJKGQz28MIW4xw79w5Pbx/cR7eP2SsEW\r
+YeHoh7N6pbaTMaS2Uhv1ksgMuUxyaUMmg38HqOEhuIp3DwW0NRYlpiV85PCxgxJV\r
+J7pPMkvxOboNErORFjtsmXt4aoQXgmmp9Rj2KAZTKjFPEBhcpdCQgjQ81Hj6HoPs\r
+wcFBlVTEy0f1bcrXMwyflm8Va2XB2wT1gkOJo35Alml8wmHCzfAGWx1VqZ+i8ftq\r
+23CDZJtyZwUd27ewrmKnuYQuLc4QthFR0ckUugY9nDG3mgBq2kJ7g2dHNR7XJ/Sc\r
+htQs+PGghRrm7FhIZAZy9L7HiC3FuBS1sWMbzWZlM1q+9F1Iw7UyHHkNmgstBElq\r
+8vHCRJNpIP80+/S+jFZGVAPJ9Ikb3tUJpTu3poNrqVks19eMXe0rngC4dbR0zCP2\r
+/1n7CloUKhvctbzZ9/H1umKtXaipazxGvIb95A2pFO6t3Eefsy9cFf/YNQMIej1Q\r
+QDqx8sTXhoMNQ+uL5V4RY7KRBgEi7BoS6exYKeHS3/JEpKfOtRh9DCxNeVt5A2BG\r
+WAxMKQklddRlJAYc99QPiJp4lqPvUHJCm/6/KOmhfv8P7JiYfCcARSmFJ7JuojQ3\r
+bLc+E+QQI6v6v19efDWg\r
+=6caX\r
+-----END PGP SIGNATURE-----\r
+\r
+--XE5cd1LDwo1B8WC14iSwGgifT8sWAa3Fe--\r
projects / notmuch-archives.git / blobdiff