From: Baptiste
To: Daniel Kahn Gillmor, notmuch@notmuchmail.org
Subject: Re: Smime signature verification in Notmuch - Emacs
Date: Fri, 14 Mar 2014 11:58:55 +0100
Message-ID: <87siqlrqq8.fsf@bat.fr.eu.org>
In-Reply-To: <531F4FDD.6000506@fifthhorseman.net>
References: <87y50r42do.fsf@bat.fr.eu.org> <531F4FDD.6000506@fifthhorseman.net>
User-Agent: Notmuch/0.17+81~g718d58a (http://notmuchmail.org) Emacs/24.3.50.2 (i686-pc-linux-gnu)
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="sha1"

This is an S/MIME signed message

Hi,

thank you for your answer.

firstly, sorry for my previous mail, you are right, it was broken. This one should be better.

Anyway, my goal was to make S/MIME messages work with notmuch. Actually, I am not looking to modify notmuch directly (well, I have no good reason for not doing it), so I hooked the notmuch emacs interface. It does work today with S/MIME signatures and I am currently working on encryption, though I have no clue how to recreate the s-exp after decryption to re-inject into the notmuch-show emacs function.

Truly, it would be better to implement it directly in notmuch core.

Signature verification just presents a line with the signature owner and the trust chain status (green for a good verification, orange for a self-signed-only signature). No verification is made today against the From: field.

For example:

(green)  [ Good signature by: bateast@bat.fr.eu.org - 08F4ED ]

or

(orange) [ Good signature by key: 0x08F4ED self signed for bateast@bat.fr.eu.org ]

and if you click on the button, you get the key description:

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 586989 (0x8f4ed)
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Class 1 Primary Intermediate Client CA
        Validity
            Not Before: Feb 11 19:01:56 2014 GMT
...

My opinion is that S/MIME is more and more widely used today, and then relying only on gpg for signature or encryption is a bit rough.

Thank you,


On Tue, Mar 11 2014, Daniel Kahn Gillmor wrote:

Hi Baptiste

i'm interested in the functionality you're describing, but i confess i'm confused by the syntax of your e-mail and the structure of the file in question, as well as how you think it should be related to the notmuch project. This might all be obvious to other people; sorry for my confusion!

Do you think this should be integrated into notmuch and shipped with it? if so, can you provide it as a standard patch for folks here to review?

Some questions worth documenting if possible:

  • do you expect this to work for S/MIME encrypted messages as well as S/MIME signed messages?
  • is there a reason to do this only in emacs? PGP/MIME-signed (and -encrypted) messages can be parsed directly by libnotmuch so they are useful in other contexts as well
  • what key management model does this code assume and/or enforce? how do we know which keys belong to which users?

Thanks for working on notmuch!

Regards,

–dkg


~^v^~ Bat