From: Baptiste <bateast@bat.fr.eu.org>
Date: Fri, 14 Mar 2014 10:58:55 +0000 (+0100)
Subject: Re: Smime signature verification in Notmuch - Emacs
X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=b2685229339f98957126dbb3011313947341b0a2;p=notmuch-archives.git

Re: Smime signature verification in Notmuch - Emacs
---

diff --git a/19/d7239d31c6ebbde24362e4254915fb192627d6 b/19/d7239d31c6ebbde24362e4254915fb192627d6
new file mode 100644
index 000000000..69a174b50
--- /dev/null
+++ b/19/d7239d31c6ebbde24362e4254915fb192627d6
@@ -0,0 +1,254 @@
+Return-Path: <bateast@bat.fr.eu.org>
+X-Original-To: notmuch@notmuchmail.org
+Delivered-To: notmuch@notmuchmail.org
+Received: from localhost (localhost [127.0.0.1])
+	by olra.theworths.org (Postfix) with ESMTP id 3C397431FAF
+	for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 04:00:25 -0700 (PDT)
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
+X-Spam-Flag: NO
+X-Spam-Score: 1.741
+X-Spam-Level: *
+X-Spam-Status: No, score=1.741 tagged_above=-999 required=5
+	tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,
+	MIME_HTML_ONLY=1.105] autolearn=disabled
+Received: from olra.theworths.org ([127.0.0.1])
+	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
+	with ESMTP id dwe1n+PAlwDg for <notmuch@notmuchmail.org>;
+	Fri, 14 Mar 2014 04:00:18 -0700 (PDT)
+Received: from mx1a.lautre.net (mx1a.lautre.net [80.67.160.71])
+	(using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))
+	(No client certificate requested)
+	by olra.theworths.org (Postfix) with ESMTPS id 25188431FAE
+	for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 04:00:18 -0700 (PDT)
+Received: from arch-vm (unknown [109.21.163.7])
+	(using TLSv1 with cipher AES128-SHA (128/128 bits))
+	(No client certificate requested)
+	(Authenticated sender: bateast@bat.fr.eu.org)
+	by mx1a.lautre.net (Postfix) with ESMTPSA id 796E8A108A;
+	Fri, 14 Mar 2014 12:00:13 +0100 (CET)
+From: Baptiste <bateast@bat.fr.eu.org>
+To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, notmuch@notmuchmail.org
+Subject: Re: Smime signature verification in Notmuch - Emacs
+In-Reply-To: <531F4FDD.6000506@fifthhorseman.net>
+Organization: bat.fr.eu.org
+References: <87y50r42do.fsf@bat.fr.eu.org>
+ <531F4FDD.6000506@fifthhorseman.net>
+User-Agent: Notmuch/0.17+81~g718d58a (http://notmuchmail.org) Emacs/24.3.50.2
+	(i686-pc-linux-gnu)
+Date: Fri, 14 Mar 2014 11:58:55 +0100
+Message-ID: <87siqlrqq8.fsf@bat.fr.eu.org>
+MIME-Version: 1.0
+Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";
+	micalg="sha1"; boundary="----7A9AC58F7D949A2C35A72AFA089957FC"
+X-Mailman-Approved-At: Mon, 17 Mar 2014 02:21:11 -0700
+X-BeenThere: notmuch@notmuchmail.org
+X-Mailman-Version: 2.1.13
+Precedence: list
+List-Id: "Use and development of the notmuch mail system."
+	<notmuch.notmuchmail.org>
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
+	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>
+List-Post: <mailto:notmuch@notmuchmail.org>
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
+	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
+X-List-Received-Date: Fri, 14 Mar 2014 11:00:25 -0000
+
+This is an S/MIME signed message
+
+------7A9AC58F7D949A2C35A72AFA089957FC
+Content-Type: text/html; charset=utf-8
+Content-Transfer-Encoding: quoted-printable
+
+<p>
+Hi,<br  />
+</p>
+
+<p>
+thanks you for your answer.<br  />
+</p>
+
+<p>
+firstly, sorry for my previous mail, you are right, it was broken. This one=
+ should be better.<br  />
+</p>
+
+<p>
+Anyway, my goal was to make S/MIME messages to work with <code>notmuch</cod=
+e>. Actually, I am not looking to modify directly <i>notmuch</i> (well, I h=
+ave no good reason for not doing it), so I hooked the notmuch emacs interfa=
+ce. I does work today with S/MIME signature and I am currently working on e=
+ncryption, though it have no clew how to recreate s-exp after decryption to=
+ re-inject into <i>notmuch-show</i> emacs function.<br  />
+</p>
+
+<p>
+Truly, it would be better to implement it directly in notmuch core.<br  />
+</p>
+
+<p>
+Signature verification just present a line with the signature owner and the=
+ trust chain status (<i>green</i> for good verification, <i>orange</i> for =
+self signed only signature). No verification is made today against :From fi=
+eld.<br  />
+</p>
+
+<p>
+As for example=C2=A0:<br  />
+</p>
+<pre class=3D"example">
+(green)  [ Good signature by: bateast@bat.fr.eu.org - 08F4ED ]
+</pre>
+<p>
+or<br  />
+</p>
+<pre class=3D"example">
+(orange) [ Good signature by key: 0x08F4ED self signed for bateast@bat.fr.e=
+u.org ]
+</pre>
+
+<p>
+and if you click on button, you get key description=C2=A0:<br  />
+</p>
+
+<pre class=3D"example">
+Certificate:
+    Data:
+        Version: 3 (0x2)
+        Serial Number: 586989 (0x8f4ed)
+    Signature Algorithm: sha1WithRSAEncryption
+        Issuer: C=3DIL, O=3DStartCom Ltd., OU=3DSecure Digital Certificate =
+Signing, CN=3DStartCom Class 1 Primary Intermediate Client CA
+        Validity
+            Not Before: Feb 11 19:01:56 2014 GMT
+...
+</pre>
+
+<p>
+My opinion is that S/MIME is more and more widely used today, and then rely=
+ing only on gpg for signature or encryption is a bit rough.<br  />
+</p>
+
+<p>
+Thank you,<br  />
+</p>
+
+<hr  />
+<p>
+<b>Le mar., mars 11 2014, Daniel Kahn Gillmor a =C3=A9crit</b><br  />
+</p>
+
+<p>
+Hi Baptiste<br  />
+</p>
+
+<p>
+i'm interested in the functionality you're describing, but i confess i'm co=
+nfused by the syntax of your e-mail and the structure of the file in questi=
+on, as well as how you think it should be related to the notmuch project.  =
+This might all be obvious to other people; sorry for my confusion!<br  />
+</p>
+
+<p>
+Do you think this should be integrated into notmuch and shipped with it? if=
+ so, can you provide it as a standard patch for folks here to review?<br  />
+</p>
+
+<p>
+Some questions worth documenting if possible:<br  />
+</p>
+
+<ul class=3D"org-ul">
+<li>do you expect this to work for S/MIME encrypted messages as well as S/M=
+IME signed messages?<br  />
+</li>
+
+<li>is there a reason to do this only in emacs?  PGP/MIME-signed (and -encr=
+ypted) messages can be parsed directly by libnotmuch so they are useful in =
+other contexts as well<br  />
+</li>
+
+<li>what key management model does this code assume and/or enforce?  how do=
+ we know which keys belong to which users?<br  />
+</li>
+</ul>
+
+<p>
+Thanks for working on notmuch!<br  />
+</p>
+
+<p>
+Regards,<br  />
+</p>
+
+<p>
+&#x2013;dkg<br  />
+</p>
+
+
+<p>
+&#x2013;<br  />
+</p>
+
+<pre class=3D"example">
+~^v^~ Bat
+</pre>
+
+------7A9AC58F7D949A2C35A72AFA089957FC
+Content-Type: application/x-pkcs7-signature; name="smime.p7s"
+Content-Transfer-Encoding: base64
+Content-Disposition: attachment; filename="smime.p7s"
+
+MIIJGwYJKoZIhvcNAQcCoIIJDDCCCQgCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3
+DQEHAaCCBkwwggZIMIIFMKADAgECAgMI9O0wDQYJKoZIhvcNAQEFBQAwgYwxCzAJ
+BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1
+cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENv
+bSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0xNDAy
+MTExOTAxNTZaFw0xNTAyMTIyMjAxMThaMGExGTAXBgNVBA0TEEY2NkE5OGZkb2FN
+Q0k4Qk4xHjAcBgNVBAMMFWJhdGVhc3RAYmF0LmZyLmV1Lm9yZzEkMCIGCSqGSIb3
+DQEJARYVYmF0ZWFzdEBiYXQuZnIuZXUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAyZVzZ9wZRF2ws0rxniwRZ66Eyd+G98Cx61SPc7X1siZFsdwt
+yF+L2KI5tDIBt3uhbM5uLSNQIxysz2iDyLWxo7+u+Ot5MYOu3BCCcWyrqHJMErZG
+dWte3HlyN2suzK9j4NDwHippcgCH8ImRJ/sPH+Q9tRnr2Y6fs0LH4fH9WCrr/kR9
+kniUSnyVL5iW06ZbIS+6Pwd4VIkB6ctaq5Zro3HA75alsW6qZ5QTwJKPb4zAKMlm
+jsbQqd8VtBMjVL9FqDTIGBfvCtsSY3x8WwETw0O0ks6V3KCe3qD9o7bt66QmcH6u
+yFLnFwBBWl53q6Uj+f9HyDN6oKlQMEVykDs0KwIDAQABo4IC2zCCAtcwCQYDVR0T
+BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME
+MB0GA1UdDgQWBBR1jaZYWD3I4/WRf66Lp+7n1c3CDjAfBgNVHSMEGDAWgBRTcu2S
+nODaywFcfH6WNU7y1LhRgjAgBgNVHREEGTAXgRViYXRlYXN0QGJhdC5mci5ldS5v
+cmcwggFMBgNVHSAEggFDMIIBPzCCATsGCysGAQQBgbU3AQIDMIIBKjAuBggrBgEF
+BQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjCB9wYIKwYB
+BQUHAgIwgeowJxYgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIB
+ARqBvlRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhl
+IENsYXNzIDEgVmFsaWRhdGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29t
+IENBIHBvbGljeSwgcmVsaWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBv
+c2UgaW4gY29tcGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9u
+cy4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0
+dTEtY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDov
+L29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczEvY2xpZW50L2NhMEIGCCsGAQUF
+BzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLmNs
+aWVudC5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20v
+MA0GCSqGSIb3DQEBBQUAA4IBAQBuipeKxSwZNTsTF1uY9CHWFvHDRrhWROKQ/3oB
+cI6nV7MgXAvKxXqLGdq+N6URtKTspPuZz0pWMtHF6Sgu6mzeiXGS3ZOtz6Kq/q9Y
+raogWBYjgqp5GQwl8uKG7VW4BQPtop8DyrgP0IV97enY5qTTCmT5GsLrT6t2y5CY
+o7N1yMcukSq6VlQwm4JNrNcWK16kBO+7HwJ0JYGl9jF9ITyvsVWEg9/6uNjNT4Gs
+hZs4T1KFVA+fuKwWQXs0INZevU8UgTduKdofA4Z9+AxCm5yjfV1S+am47LqmX3hQ
+6hUtP36pa1OqeeMXYi210UmcnONJsAxFbMYyvWSVq+VntBwyMYIClzCCApMCAQEw
+gZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYD
+VQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQD
+Ey9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBD
+QQIDCPTtMAkGBSsOAwIaBQCggdgwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc
+BgkqhkiG9w0BCQUxDxcNMTQwMzE0MTA1OTAwWjAjBgkqhkiG9w0BCQQxFgQUvJap
+oazocYXOILg8KwPnQM5tju4weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASow
+CwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0D
+AgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJ
+KoZIhvcNAQEBBQAEggEAY1Y7F2BmpA8iB/UIgQlB85MrTmRv/L2nrqnHyn5b2TWw
+1PXSVvQeUPQVdo472gNeeqjOdUxjyFciLK0fsYXJNBwL991Up3RfBT+2seATtCXK
+Q38NidMf2u2+rH3m/WQjEZQ26PxwkoBEqUcBh5BOlvucqZWd65tW3fmeN/cAq6m5
+laoLJzM93Xewxekas1QfriSFrWpkZR/yJ9InUJe+sYX/pEAWF50rsSdwkOtb0SbP
+gqGOtlcnGpPCOrhCZbz6UaPc7kbxeap6IQo23ni0rSuySjbzizL7wIYGftpHXh5n
+Da2BLlSMLw00mj414S25lnXB7SnqtUaYHVDGUrqfIA==
+
+------7A9AC58F7D949A2C35A72AFA089957FC--
+