emacs-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: epg.el: epg--status-GET_LINE not working?


From: Neal H. Walfield
Subject: Re: epg.el: epg--status-GET_LINE not working?
Date: Fri, 07 Jul 2017 11:00:46 +0200
User-agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue) FLIM/1.14.9 (Goj┼Ź) APEL/10.8 EasyPG/1.0.0 Emacs/24.5 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)

At Fri, 07 Jul 2017 10:37:37 +0200,
Daiki Ueno wrote:
> "Neal H. Walfield" <address@hidden> writes:
> 
> >> At that time, the GnuPG developers didn't seem to have a consensus on
> >> how TOFU is supposed to work:
> >
> > FWIW, the TOFU modus operandi are unlikely to change at this stage and
> > have been stable for nearly a year.
> 
> I wouldn't call it "stable" just because the code has been there for a
> year.  What about the deployment?  Do you have any example of MUA
> implementing this feature, other than Emacs?

Well, emacs does not implement this feature.  That's the problem.

AFAIK, currently, KMail and GpgOL implement TOFU.

> > My recollection is that you said: if a recipient is specified by key
> > id rather than by email address (e.g., gpg is called like: 'gpg -e -r
> > KEYID') and the key has a conflict, the conflict should be ignored.
> 
> No.  My concern is why GnuPG detects a conflict, even though it is _not_
> given an email address to consider (i.e. signature verification).

If you have two keys that claim the same email address and aren't
cross signed, then there is a conflict.  That is orthogonal to
verification.  If there is a conflict and someone asks: is this
signature valid?  Then the right thing to do is not to say "yes," but
to e.g. raise a warning.

> > 2. AFAIK, there is no precedence for this behavior in gpg.  Consider
> > an expired or revoked key: if you try to use it, gpg will error out
> > with "unusable public key."
> 
> Erroring out and prompting user are a different behavior.
> 
> Perhaps you implemented TOFU this way (prompting user) because you use
> Wanderlust (which has bee unmaintained for years)?

> If I remember
> correctly, Wanderlust requires user an explicit action to verify a
> signature.

I don't think so.  But maybe I have some elisp magic.  I haven't
looked in a while.

> On the other hand, Gnus and other major MUA automatically verify
> signature without user interaction.  I like this much better and
> supporting your TOFU implementation would negate this this handiness.

If you don't want to support TOFU, I can't force you to.  Yes, TOFU
requires a bit more support from the MUA side than the WoT, but TOFU
is much easier for users than curating the WoT.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]