bug-gnu-emacs

bug#18393: mm-view-pkcs7-verify ignores mml-smime-use


From: Lars Ingebrigtsen
Subject: bug#18393: mm-view-pkcs7-verify ignores mml-smime-use
Date: Fri, 27 Sep 2019 17:19:38 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.0.50 (gnu/linux)

Jens Lechtenboerger <lechten@wi.uni-muenster.de> writes:

> Actually, I was too fast.  I had a problem with my keyring, which
> resulted in verification errors, which in turn resulted in empty
> buffers.  I’m not sure how to test this.
>
> Attached you find an e-mail where I just changed some bytes in the
> text, keeping the old signature.  Verification fails, but the
> message is displayed without any indication of the verification
> failure.

Thanks.

The more I dig into the entire framework for reporting errors in
encrypted/signed messages we have, the more inadequate it seems.

If you have a multipart/signed message, and you have

(setq gnus-buttonized-mime-types '("multipart/\\(signed\\|encrypted\\)"))

then the button (!) will tell you whether the verification of the
signature was successful or not.  And the decryption/verification
functions alter the mm-security-handle bound by
mm-possibly-verify-or-decrypt to enable this...  er...  reporting.

If you don't have the button (and by default that variable is nil),
you'll get no feedback whatsoever.

In the case of the message you sent me, it's not a multipart message, so
no buttons are inserted anyway, so you never ever get any feedback.

This doesn't seem the right way to do security-related functionality.

I think the principle here should be, when displaying signed/encrypted
messages, that Gnus should, by default:

 1) say that what you're viewing is signed/encrypted and
 2) explicitly say whether the signature was verified or not, and if
    there were any error messages, it should report them.

But 1) should not be done in an obnoxious way.

But I should be doing more testing before I start hacking away, and have
a bigger test corpus.

Does anybody know of one that's handy with different signing/encryption
methods?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no




