info-gnus-english
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Automatic retrieval of certificates (S/MIME)

From: David S. Goldberg
Subject: Re: Automatic retrieval of certificates (S/MIME)
Date: Thu, 27 Jan 2005 14:31:40 -0500
User-agent: Gnus/5.110003 (No Gnus v0.3) XEmacs/21.4.15 (cygwin32) 
>>>>> On Thu, 27 Jan 2005 19:33:02 +0100, Simon Josefsson
>>>>> <jas@extundo.com> said:

> Yes, although I'm not sure how to implement that.  Mapping e-mail
> addresses to S/MIME certificates is not well standardized under Unix.
> There is no per-user S/MIME directory on the local machine to use.

> If you want to think about how this would work, and perhaps implement
> it, that would be very useful.

It's not trivial.  At work we keep keys in an LDAP database and I use
EUDC to fetch those I need into a local directory.  Then I've got some
helper functions I wrote (attached to the end of this message) that
map the addresses in the To and CC headers to keys in the directory,
verify the keys, and build the necessary mml.  The main entry point
for signing and encrypting is dsg-message-smime-message.  This works
fine for me, but I expect it's not a general solution.

> Your analysis is correct.  There is a variable that you can set so the
> GCC'd copy contain the raw MML tags instead of the encoded version.
> The reason for encoding things twice is that encoding a message for
> mail/news is in theory different from encoding it for GCC.  The same
> formatting logic cannot always be used.  So that's why Gnus encode the
> message twice.  It is arguable a bug.  On the other hand, a better
> solution might be to make S/MIME sign/encrypt so smooth that you
> wouldn't care that it is encoded twice.

I also find it annoying to have to type my passphrase twice per
message.  I keep hearing that gpg will soon support s/mime.  If/when
that happens, would the pgg interface then take care of this?

> You can specify the key/cert in the MML tags, if that is what you
> meant.  See 'MML Definition' in the Emacs MIME manual.  You can say,
> e.g.:

> <#part sign=smime keyfile="~/cacert.user.key">

I use <#multipart> which ends up being a complete replacement the
<#secure> tag in that the signature applies to the entire message.
I've never got the <#secure> tat to work if there are multiple
recipients.

-- 
Dave Goldberg
david.goldberg6@verizon.net

Attachment: binrztUXfu6rf.bin
Description: application/emacs-lisp

reply via email to
[Prev in Thread] Current Thread [Next in Thread]