Re: Smime signature verification in Notmuch - Emacs

[notmuch-archives.git] / 19 / d7239d31c6ebbde24362e4254915fb192627d6

Return-Path: <bateast@bat.fr.eu.org>\r
X-Original-To: notmuch@notmuchmail.org\r
Delivered-To: notmuch@notmuchmail.org\r
Received: from localhost (localhost [127.0.0.1])\r
        by olra.theworths.org (Postfix) with ESMTP id 3C397431FAF\r
        for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 04:00:25 -0700 (PDT)\r
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
X-Spam-Flag: NO\r
X-Spam-Score: 1.741\r
X-Spam-Level: *\r
X-Spam-Status: No, score=1.741 tagged_above=-999 required=5\r
        tests=[HTML_MESSAGE=0.001, HTML_MIME_NO_HTML_TAG=0.635,\r
        MIME_HTML_ONLY=1.105] autolearn=disabled\r
Received: from olra.theworths.org ([127.0.0.1])\r
        by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
        with ESMTP id dwe1n+PAlwDg for <notmuch@notmuchmail.org>;\r
        Fri, 14 Mar 2014 04:00:18 -0700 (PDT)\r
Received: from mx1a.lautre.net (mx1a.lautre.net [80.67.160.71])\r
        (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits))\r
        (No client certificate requested)\r
        by olra.theworths.org (Postfix) with ESMTPS id 25188431FAE\r
        for <notmuch@notmuchmail.org>; Fri, 14 Mar 2014 04:00:18 -0700 (PDT)\r
Received: from arch-vm (unknown [109.21.163.7])\r
        (using TLSv1 with cipher AES128-SHA (128/128 bits))\r
        (No client certificate requested)\r
        (Authenticated sender: bateast@bat.fr.eu.org)\r
        by mx1a.lautre.net (Postfix) with ESMTPSA id 796E8A108A;\r
        Fri, 14 Mar 2014 12:00:13 +0100 (CET)\r
From: Baptiste <bateast@bat.fr.eu.org>\r
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>, notmuch@notmuchmail.org\r
Subject: Re: Smime signature verification in Notmuch - Emacs\r
In-Reply-To: <531F4FDD.6000506@fifthhorseman.net>\r
Organization: bat.fr.eu.org\r
References: <87y50r42do.fsf@bat.fr.eu.org>\r
 <531F4FDD.6000506@fifthhorseman.net>\r
User-Agent: Notmuch/0.17+81~g718d58a (http://notmuchmail.org) Emacs/24.3.50.2\r
        (i686-pc-linux-gnu)\r
Date: Fri, 14 Mar 2014 11:58:55 +0100\r
Message-ID: <87siqlrqq8.fsf@bat.fr.eu.org>\r
MIME-Version: 1.0\r
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature";\r
        micalg="sha1"; boundary="----7A9AC58F7D949A2C35A72AFA089957FC"\r
X-Mailman-Approved-At: Mon, 17 Mar 2014 02:21:11 -0700\r
X-BeenThere: notmuch@notmuchmail.org\r
X-Mailman-Version: 2.1.13\r
Precedence: list\r
List-Id: "Use and development of the notmuch mail system."\r
        <notmuch.notmuchmail.org>\r
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
List-Post: <mailto:notmuch@notmuchmail.org>\r
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
        <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
X-List-Received-Date: Fri, 14 Mar 2014 11:00:25 -0000\r
\r
This is an S/MIME signed message\r
\r
------7A9AC58F7D949A2C35A72AFA089957FC\r
Content-Type: text/html; charset=utf-8\r
Content-Transfer-Encoding: quoted-printable\r
\r
<p>\r
Hi,<br  />\r
</p>\r
\r
<p>\r
thanks you for your answer.<br  />\r
</p>\r
\r
<p>\r
firstly, sorry for my previous mail, you are right, it was broken. This one=\r
 should be better.<br  />\r
</p>\r
\r
<p>\r
Anyway, my goal was to make S/MIME messages to work with <code>notmuch</cod=\r
e>. Actually, I am not looking to modify directly <i>notmuch</i> (well, I h=\r
ave no good reason for not doing it), so I hooked the notmuch emacs interfa=\r
ce. I does work today with S/MIME signature and I am currently working on e=\r
ncryption, though it have no clew how to recreate s-exp after decryption to=\r
 re-inject into <i>notmuch-show</i> emacs function.<br  />\r
</p>\r
\r
<p>\r
Truly, it would be better to implement it directly in notmuch core.<br  />\r
</p>\r
\r
<p>\r
Signature verification just present a line with the signature owner and the=\r
 trust chain status (<i>green</i> for good verification, <i>orange</i> for =\r
self signed only signature). No verification is made today against :From fi=\r
eld.<br  />\r
</p>\r
\r
<p>\r
As for example=C2=A0:<br  />\r
</p>\r
<pre class=3D"example">\r
(green)  [ Good signature by: bateast@bat.fr.eu.org - 08F4ED ]\r
</pre>\r
<p>\r
or<br  />\r
</p>\r
<pre class=3D"example">\r
(orange) [ Good signature by key: 0x08F4ED self signed for bateast@bat.fr.e=\r
u.org ]\r
</pre>\r
\r
<p>\r
and if you click on button, you get key description=C2=A0:<br  />\r
</p>\r
\r
<pre class=3D"example">\r
Certificate:\r
    Data:\r
        Version: 3 (0x2)\r
        Serial Number: 586989 (0x8f4ed)\r
    Signature Algorithm: sha1WithRSAEncryption\r
        Issuer: C=3DIL, O=3DStartCom Ltd., OU=3DSecure Digital Certificate =\r
Signing, CN=3DStartCom Class 1 Primary Intermediate Client CA\r
        Validity\r
            Not Before: Feb 11 19:01:56 2014 GMT\r
...\r
</pre>\r
\r
<p>\r
My opinion is that S/MIME is more and more widely used today, and then rely=\r
ing only on gpg for signature or encryption is a bit rough.<br  />\r
</p>\r
\r
<p>\r
Thank you,<br  />\r
</p>\r
\r
<hr  />\r
<p>\r
<b>Le mar., mars 11 2014, Daniel Kahn Gillmor a =C3=A9crit</b><br  />\r
</p>\r
\r
<p>\r
Hi Baptiste<br  />\r
</p>\r
\r
<p>\r
i'm interested in the functionality you're describing, but i confess i'm co=\r
nfused by the syntax of your e-mail and the structure of the file in questi=\r
on, as well as how you think it should be related to the notmuch project.  =\r
This might all be obvious to other people; sorry for my confusion!<br  />\r
</p>\r
\r
<p>\r
Do you think this should be integrated into notmuch and shipped with it? if=\r
 so, can you provide it as a standard patch for folks here to review?<br  />\r
</p>\r
\r
<p>\r
Some questions worth documenting if possible:<br  />\r
</p>\r
\r
<ul class=3D"org-ul">\r
<li>do you expect this to work for S/MIME encrypted messages as well as S/M=\r
IME signed messages?<br  />\r
</li>\r
\r
<li>is there a reason to do this only in emacs?  PGP/MIME-signed (and -encr=\r
ypted) messages can be parsed directly by libnotmuch so they are useful in =\r
other contexts as well<br  />\r
</li>\r
\r
<li>what key management model does this code assume and/or enforce?  how do=\r
 we know which keys belong to which users?<br  />\r
</li>\r
</ul>\r
\r
<p>\r
Thanks for working on notmuch!<br  />\r
</p>\r
\r
<p>\r
Regards,<br  />\r
</p>\r
\r
<p>\r
&#x2013;dkg<br  />\r
</p>\r
\r
\r
<p>\r
&#x2013;<br  />\r
</p>\r
\r
<pre class=3D"example">\r
~^v^~ Bat\r
</pre>\r
\r
------7A9AC58F7D949A2C35A72AFA089957FC\r
Content-Type: application/x-pkcs7-signature; name="smime.p7s"\r
Content-Transfer-Encoding: base64\r
Content-Disposition: attachment; filename="smime.p7s"\r
\r
MIIJGwYJKoZIhvcNAQcCoIIJDDCCCQgCAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3\r
DQEHAaCCBkwwggZIMIIFMKADAgECAgMI9O0wDQYJKoZIhvcNAQEFBQAwgYwxCzAJ\r
BgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYDVQQLEyJTZWN1\r
cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQDEy9TdGFydENv\r
bSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBDQTAeFw0xNDAy\r
MTExOTAxNTZaFw0xNTAyMTIyMjAxMThaMGExGTAXBgNVBA0TEEY2NkE5OGZkb2FN\r
Q0k4Qk4xHjAcBgNVBAMMFWJhdGVhc3RAYmF0LmZyLmV1Lm9yZzEkMCIGCSqGSIb3\r
DQEJARYVYmF0ZWFzdEBiYXQuZnIuZXUub3JnMIIBIjANBgkqhkiG9w0BAQEFAAOC\r
AQ8AMIIBCgKCAQEAyZVzZ9wZRF2ws0rxniwRZ66Eyd+G98Cx61SPc7X1siZFsdwt\r
yF+L2KI5tDIBt3uhbM5uLSNQIxysz2iDyLWxo7+u+Ot5MYOu3BCCcWyrqHJMErZG\r
dWte3HlyN2suzK9j4NDwHippcgCH8ImRJ/sPH+Q9tRnr2Y6fs0LH4fH9WCrr/kR9\r
kniUSnyVL5iW06ZbIS+6Pwd4VIkB6ctaq5Zro3HA75alsW6qZ5QTwJKPb4zAKMlm\r
jsbQqd8VtBMjVL9FqDTIGBfvCtsSY3x8WwETw0O0ks6V3KCe3qD9o7bt66QmcH6u\r
yFLnFwBBWl53q6Uj+f9HyDN6oKlQMEVykDs0KwIDAQABo4IC2zCCAtcwCQYDVR0T\r
BAIwADALBgNVHQ8EBAMCBLAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwME\r
MB0GA1UdDgQWBBR1jaZYWD3I4/WRf66Lp+7n1c3CDjAfBgNVHSMEGDAWgBRTcu2S\r
nODaywFcfH6WNU7y1LhRgjAgBgNVHREEGTAXgRViYXRlYXN0QGJhdC5mci5ldS5v\r
cmcwggFMBgNVHSAEggFDMIIBPzCCATsGCysGAQQBgbU3AQIDMIIBKjAuBggrBgEF\r
BQcCARYiaHR0cDovL3d3dy5zdGFydHNzbC5jb20vcG9saWN5LnBkZjCB9wYIKwYB\r
BQUHAgIwgeowJxYgU3RhcnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwAwIB\r
ARqBvlRoaXMgY2VydGlmaWNhdGUgd2FzIGlzc3VlZCBhY2NvcmRpbmcgdG8gdGhl\r
IENsYXNzIDEgVmFsaWRhdGlvbiByZXF1aXJlbWVudHMgb2YgdGhlIFN0YXJ0Q29t\r
IENBIHBvbGljeSwgcmVsaWFuY2Ugb25seSBmb3IgdGhlIGludGVuZGVkIHB1cnBv\r
c2UgaW4gY29tcGxpYW5jZSBvZiB0aGUgcmVseWluZyBwYXJ0eSBvYmxpZ2F0aW9u\r
cy4wNgYDVR0fBC8wLTAroCmgJ4YlaHR0cDovL2NybC5zdGFydHNzbC5jb20vY3J0\r
dTEtY3JsLmNybDCBjgYIKwYBBQUHAQEEgYEwfzA5BggrBgEFBQcwAYYtaHR0cDov\r
L29jc3Auc3RhcnRzc2wuY29tL3N1Yi9jbGFzczEvY2xpZW50L2NhMEIGCCsGAQUF\r
BzAChjZodHRwOi8vYWlhLnN0YXJ0c3NsLmNvbS9jZXJ0cy9zdWIuY2xhc3MxLmNs\r
aWVudC5jYS5jcnQwIwYDVR0SBBwwGoYYaHR0cDovL3d3dy5zdGFydHNzbC5jb20v\r
MA0GCSqGSIb3DQEBBQUAA4IBAQBuipeKxSwZNTsTF1uY9CHWFvHDRrhWROKQ/3oB\r
cI6nV7MgXAvKxXqLGdq+N6URtKTspPuZz0pWMtHF6Sgu6mzeiXGS3ZOtz6Kq/q9Y\r
raogWBYjgqp5GQwl8uKG7VW4BQPtop8DyrgP0IV97enY5qTTCmT5GsLrT6t2y5CY\r
o7N1yMcukSq6VlQwm4JNrNcWK16kBO+7HwJ0JYGl9jF9ITyvsVWEg9/6uNjNT4Gs\r
hZs4T1KFVA+fuKwWQXs0INZevU8UgTduKdofA4Z9+AxCm5yjfV1S+am47LqmX3hQ\r
6hUtP36pa1OqeeMXYi210UmcnONJsAxFbMYyvWSVq+VntBwyMYIClzCCApMCAQEw\r
gZQwgYwxCzAJBgNVBAYTAklMMRYwFAYDVQQKEw1TdGFydENvbSBMdGQuMSswKQYD\r
VQQLEyJTZWN1cmUgRGlnaXRhbCBDZXJ0aWZpY2F0ZSBTaWduaW5nMTgwNgYDVQQD\r
Ey9TdGFydENvbSBDbGFzcyAxIFByaW1hcnkgSW50ZXJtZWRpYXRlIENsaWVudCBD\r
QQIDCPTtMAkGBSsOAwIaBQCggdgwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAc\r
BgkqhkiG9w0BCQUxDxcNMTQwMzE0MTA1OTAwWjAjBgkqhkiG9w0BCQQxFgQUvJap\r
oazocYXOILg8KwPnQM5tju4weQYJKoZIhvcNAQkPMWwwajALBglghkgBZQMEASow\r
CwYJYIZIAWUDBAEWMAsGCWCGSAFlAwQBAjAKBggqhkiG9w0DBzAOBggqhkiG9w0D\r
AgICAIAwDQYIKoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJ\r
KoZIhvcNAQEBBQAEggEAY1Y7F2BmpA8iB/UIgQlB85MrTmRv/L2nrqnHyn5b2TWw\r
1PXSVvQeUPQVdo472gNeeqjOdUxjyFciLK0fsYXJNBwL991Up3RfBT+2seATtCXK\r
Q38NidMf2u2+rH3m/WQjEZQ26PxwkoBEqUcBh5BOlvucqZWd65tW3fmeN/cAq6m5\r
laoLJzM93Xewxekas1QfriSFrWpkZR/yJ9InUJe+sYX/pEAWF50rsSdwkOtb0SbP\r
gqGOtlcnGpPCOrhCZbz6UaPc7kbxeap6IQo23ni0rSuySjbzizL7wIYGftpHXh5n\r
Da2BLlSMLw00mj414S25lnXB7SnqtUaYHVDGUrqfIA==\r
\r
------7A9AC58F7D949A2C35A72AFA089957FC--\r
\r