From: Jameson Graef Rollins Date: Sat, 17 Jan 2015 22:54:54 +0000 (+1600) Subject: Re: [PATCH] test: initial tests for smime X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=c6749296fa895f3589df3e2d39f626bfe47a4fd1;p=notmuch-archives.git Re: [PATCH] test: initial tests for smime --- diff --git a/ea/5a3d3b55fce0281cb132f640afcda74e3eac39 b/ea/5a3d3b55fce0281cb132f640afcda74e3eac39 new file mode 100644 index 000000000..8d1d364b8 --- /dev/null +++ b/ea/5a3d3b55fce0281cb132f640afcda74e3eac39 
@@ -0,0 +1,122 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id BFAF0431FB6 + for ; Sat, 17 Jan 2015 14:55:03 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0.138 +X-Spam-Level: +X-Spam-Status: No, score=0.138 tagged_above=-999 required=5 + tests=[DNS_FROM_AHBL_RHSBL=2.438, RCVD_IN_DNSWL_MED=-2.3] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id QK1BsjEm9z01 for ; + Sat, 17 Jan 2015 14:55:00 -0800 (PST) +Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu + [131.215.239.19]) + (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id 8ED34431FAF + for ; Sat, 17 Jan 2015 14:55:00 -0800 (PST) +Received: from smtp02.caltech.edu (localhost [127.0.0.1]) + by filter-return (Postfix) with ESMTP id A381E6C0469; + Sat, 17 Jan 2015 14:54:58 -0800 (PST) +X-Spam-Scanned: at Caltech-IMSS on smtp02.caltech.edu by amavisd-new +Received: from finestructure.net (cpe-104-173-172-86.socal.res.rr.com + [104.173.172.86]) + (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) + (No client certificate requested) (Authenticated sender: jrollins) + by smtp-server.its.caltech.edu (Postfix) with ESMTPSA id 250476C0391; + Sat, 17 Jan 2015 14:54:58 -0800 (PST) +Received: by finestructure.net (Postfix, from userid 1000) + id E211D60142; Sat, 17 Jan 2015 14:54:57 -0800 (PST) +From: Jameson Graef Rollins +To: David Bremner , Notmuch Mail +Subject: Re: [PATCH] test: initial tests for smime +In-Reply-To: <87sif99h3c.fsf@maritornes.cs.unb.ca> +References: <87wq4ltbma.fsf@servo.finestructure.net> + <1421530691-14060-1-git-send-email-david@tethera.net> + 
<87twzpt6e8.fsf@servo.finestructure.net> + <87sif99h3c.fsf@maritornes.cs.unb.ca> +User-Agent: Notmuch/0.19+28~g3915564 (http://notmuchmail.org) Emacs/24.4.1 + (x86_64-pc-linux-gnu) +Date: Sat, 17 Jan 2015 14:54:54 -0800 +Message-ID: <87r3utt3up.fsf@servo.finestructure.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + micalg=pgp-sha256; protocol="application/pgp-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sat, 17 Jan 2015 22:55:03 -0000 + +--=-=-= +Content-Type: text/plain + +On Sat, Jan 17 2015, David Bremner wrote: +>> But do we really need to test the message output of openssl? It seems +>> like it's broken, and if it ever gets fixed we'll need to change this +>> test. +> +> I think it's not so much broken as "canonical". There is some discussion +> in the openssl-smime man page that pointed me to RFC5751 +> para 3.1.1 +> +> MIME entities of major type "text" MUST have both their line endings +> and character set canonicalized. The line ending MUST be the pair of +> characters + +Interesting, and oh well. Not going to fall down that rabbit hole! + +>> But all we really care about is that openssl is properly verifying the +>> message, yes? Why not just test that and forget about the rest of +>> openssl's output? +> +> Maybe it doesn't add too much as long as the message is using the "clear +> signed" multipart/signed format. On the other hand there is an opaque +> signed format (application/pkcs7-mime with Signeddata) too, where it +> would be interesting to check for mangling of the text. Similarly, when +> we add a similar test for encryption, I think we do want to check the +> content, so we'll have to figure this out at some point. + +But at any point are we using the output of the message piped through +openssl? 
Does gmime (possibly via gpgsm) actually pipe the message +through openssl before further parsing it? If so, then I guess we do +care about what openssl does to the original message. If not, then I'm +still not sure we care. + +jamie. + +--=-=-= +Content-Type: application/pgp-signature; name="signature.asc" + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAEBCAAGBQJUuug+AAoJEO00zqvie6q8ZYsQAJe8WdWAjVbqWIBM//b0FXL7 +t2i9Jc658NyukDVjOyk0tC3ZL/nktupl1dg8Awn5ddTPNxjB8XVgAur1uXXZqwIS +i6rJyQEPoLp/FyHKwr0ox+6Wtvoq6fl4nMy15nUexsGo1hFYgCnop9rWu786aRd+ +GOfMhEqk6NjxOygCMsYu+uBlnX0iusQ6BlkTnBf0h/2ULbajebNtNWtw4lfRspl3 +GkU9vTQvyQEXzcZZnxYswBWxtx3JZbni0dZvDhJWQm0bLY7pqyWPH+2e8iS/RDdL +BbvIUVmaIHIHoFUkPQdWH/Nq1U0yHwjxEYsTpmJxmQav5+vu7SLa2RNOIDx7ovbx +HRW1t0TUgNtN1Yy3bqq0T8lmraln7a1+Egwn9O+Ki9dNXidonInJwNyupBLwkaJc +EGdl0ve3RsVPccfA4WLaxfG5S6odRgMdfB/HXmhAsDsAhO6vcjgJ5VsEBYES39f6 +OJRqc0g8j59iUk6FxJRs6b5nz/KmGUf5r0FV7xA7AmOh45o8w7sP07kq1LTbPHB6 +f5qassQc5LPjBgqmAhtc9ntWsmzFVE/E04WLGCId03AcStLp3GrqrICnfTXd3wXC +3pU4hwXdW5ig9SEQaPqEkfsVLIuLLEP4qpcYfQKC7iotv1QE4Q2VIueYv5jWw41s +1Rk/FI5SvJDnWaBQSG0g +=/AJB +-----END PGP SIGNATURE----- +--=-=-=--
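Review bot: Several values in the added message that normally sit in angle brackets are empty as shown: `Return-Path:`, the `for ;` clauses in the Received headers, the `List-Unsubscribe:`, `List-Archive:` and `List-Post:` headers, and the quoted RFC5751 sentence that stops at "The line ending MUST be the pair of characters". That last one is inside the text/plain part of a multipart/signed message (`micalg=pgp-sha256; protocol="application/pgp-signature"`), so if the stored blob itself lacks those characters, the PGP signature at the end will no longer verify against the body. Suggest confirming that the archived file is the message byte-for-byte as delivered, and that nothing on the way into the archive strips angle-bracketed tokens or rewrites line endings.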