From: bug#17338 <17338@debbugs.gnu.org>
To: bug#17338 <17338@debbugs.gnu.org>
Subject: Status: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 19 Jun 2025 06:15:26 +0000

retitle 17338 Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
reassign 17338 emacs,gnus
submitter 17338 Rob Browning
severity 17338 normal
tag 17338 security
thanks

From: Rob Browning
To: bug-gnu-emacs@gnu.org
Subject: Re: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 24 Apr 2014 14:12:38 -0500

[If possible, please preserve the 745553-forwarded address in any replies.]

This bug was filed recently, and I suspect it might be something you'd
like to discuss upstream.

Thanks

Daniel Kahn Gillmor writes:

> Package: emacs24-el
> Version: 24.3+1-2
> Severity: normal
>
> Hi emacs maintainers!
>
> in
>
>   /usr/share/emacs/24.3/lisp/gnus/mml2015.el.gz
>
> i see this variable definition:
>
> (defcustom mml2015-always-trust t
>   "If t, GnuPG skip key validation on encryption."
>   :group 'mime-security
>   :type 'boolean)
>
> This is a security risk for users of encrypted mail.  i believe it
> should be set to nil by default.
>
> Here's why:
>
> Consider Alice, who has OpenPGP certificates for "Bob
> " and "Carol " in her keyring (in
> that order).  She has certified them both, so there is one valid
> primary key for bob@example.org and one valid primary key for
> alice@example.org.
>
> Bob turns evil (or maybe his key is compromised) and he adds a new
> User ID: "Bob " to his OpenPGP cert.  He publishes
> the update to the keyservers.
>
> Alice, following best practices, updates her keyring from the
> keyservers regularly.
>
> Alice's keyring now has two certs that have a "carol@example.org" user
> ID in them.  One of them is valid, and the other one is not.
>
> Alice now composes a message to "Carol " and marks
> it with:
>
>   <#secure method=pgpmime mode=signencrypt>
>
> As the message goes out, mml-mode just passes the e-mail address
> carol@example.org to gpg to encrypt the message body, and gpg uses the
> e-mail address to select a key.  Since Bob's key is first in the
> keyring, it is the one that will be used.
>
> Bob then sneaks a peek at Carol's e-mail (maybe they're delivered to the
> same server, or he has a machine on the same network), catches the
> message in transit, and can decrypt the content, violating Alice's
> message confidentiality expectations.
>
> Please set mml2015-always-trust to default to "nil" instead of "t".
>
> --dkg
>
> -- System Information:
> Debian Release: jessie/sid
>   APT prefers testing
>   APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
> Architecture: amd64 (x86_64)
> Foreign Architectures: i386
>
> Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
>
> Versions of packages emacs24-el depends on:
> ii  emacs24-common  24.3+1-2
>
> emacs24-el recommends no packages.
>
> emacs24-el suggests no packages.
>
> -- debconf-show failed
>

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

From: Glenn Morris
Subject: control message for bug 17391
Date: Fri, 02 May 2014 17:13:57 -0400

merge 17338 17391

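An added example, not part of the thread and not Emacs or GnuPG code: a keyring audit for the scenario in the quoted report. It parses the machine-readable listing printed by `gpg --with-colons --list-keys` and compares first-match selection with selection that requires the matching User ID itself to be valid. The listing, fingerprints and function names are constructed for this example, and the selection functions are a simplified model, not GnuPG's algorithm.

```python
"""Audit a GnuPG key listing for addresses that several certificates claim.

Input format: the text printed by `gpg --with-colons --list-keys`.
SAMPLE is constructed for this example; key IDs, fingerprints, dates and
User ID hashes are placeholders.
"""
import re
from dataclasses import dataclass, field

# Constructed listing. Bob's cert is first in the keyring and carries a second
# User ID naming Carol's address that nobody has certified (validity "-").
SAMPLE = """\
pub:f:4096:1:B0B0B0B0B0B0B0B0:1300000000:::-:::scESC:
fpr:::::::::B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0:
uid:f::::1300000000::0000000000000000000000000000000000000001::Bob <bob@example.org>:
uid:-::::1398000000::0000000000000000000000000000000000000002::Bob <carol@example.org>:
sub:f:4096:1:B1B1B1B1B1B1B1B1:1300000000::::::e:
fpr:::::::::B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1B1:
pub:f:4096:1:C0C0C0C0C0C0C0C0:1310000000:::-:::scESC:
fpr:::::::::C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0C0:
uid:f::::1310000000::0000000000000000000000000000000000000003::Carol <carol@example.org>:
sub:f:4096:1:C1C1C1C1C1C1C1C1:1310000000::::::e:
fpr:::::::::C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1C1:
"""

VALID = {"f", "u"}  # fully / ultimately valid; anything else is not a verified binding


@dataclass
class Cert:
    fpr: str = ""
    validity: str = "-"                        # field 2 of the pub record
    uids: list = field(default_factory=list)   # [(uid validity, "Name <addr>")]


def _unescape(s):
    # Colon listings escape special bytes as \xNN (a literal ':' is \x3a).
    return re.sub(r"\\x([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def parse_colons(text):
    """Group pub/fpr/uid records into certificates, preserving keyring order."""
    certs = []
    for line in text.splitlines():
        f = line.split(":")
        if f[0] == "pub" and len(f) > 1:
            certs.append(Cert(validity=f[1]))
        elif not certs or len(f) < 10:
            continue
        elif f[0] == "fpr" and not certs[-1].fpr:  # first fpr is the primary key's
            certs[-1].fpr = f[9]
        elif f[0] == "uid":
            certs[-1].uids.append((f[1], _unescape(f[9])))
    return certs


def address(uid):
    """Return the lower-cased address inside <...>, or the whole User ID."""
    m = re.search(r"<([^<>@\s]+@[^<>\s]+)>\s*$", uid)
    return (m.group(1) if m else uid).strip().lower()


def bindings(certs, addr):
    """(fpr, cert validity, uid validity) for every User ID naming addr."""
    addr = addr.lower()
    return [(c.fpr, c.validity, v) for c in certs for v, u in c.uids
            if address(u) == addr]


def pick_first_match(certs, addr):
    """Model of the report's 'always trust' case: first match in keyring order."""
    b = bindings(certs, addr)
    return b[0][0] if b else None


def pick_cert_valid(certs, addr):
    """Checks only the cert's overall validity; Bob's cert passes via his own UID."""
    return next((fpr for fpr, cv, _ in bindings(certs, addr) if cv in VALID), None)


def pick_uid_valid(certs, addr):
    """Requires the User ID that names addr to be valid on that cert."""
    return next((fpr for fpr, _, uv in bindings(certs, addr) if uv in VALID), None)


def ambiguous(certs):
    """Addresses named by more than one cert where some binding is not valid."""
    by_addr = {}
    for c in certs:
        for v, u in c.uids:
            by_addr.setdefault(address(u), []).append((c.fpr, v))
    return {a: b for a, b in by_addr.items()
            if len({fpr for fpr, _ in b}) > 1 and any(v not in VALID for _, v in b)}


if __name__ == "__main__":
    keyring = parse_colons(SAMPLE)
    rcpt = "carol@example.org"
    print("first match    :", pick_first_match(keyring, rcpt))
    print("cert-level only:", pick_cert_valid(keyring, rcpt))
    print("per-User-ID    :", pick_uid_valid(keyring, rcpt))
    for addr, found in ambiguous(keyring).items():
        print("review:", addr, found)
```

To audit a real keyring, pass the output of `gpg --with-colons --list-keys` to `parse_colons` in place of `SAMPLE`.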
From: Lars Ingebrigtsen
To: Daniel Kahn Gillmor
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Wed, 25 Jan 2017 18:19:35 +0100

Daniel Kahn Gillmor writes:

> So in the scenario above, Bob's cert is still overall valid (because it
> has a valid certification over the correct UserID+key from Alice), even
> though the carol@example.org UserID is invalid.
>
> I don't know mml-mode or elisp well enough to dig into the code and fix
> this part of the problem quickly, but if someone has patches that i can
> look at that would point to where it might be changed, i'd be happy to
> try to review them.

I'm also mostly unfamiliar with the mml encryption code, but perhaps
Jens could take a peek at this?

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Jens Lechtenboerger
To: Lars Ingebrigtsen
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Wed, 25 Jan 2017 21:09:47 +0100

On 2017-01-25, at 18:19, Lars Ingebrigtsen wrote:

> Daniel Kahn Gillmor writes:
>
>> So in the scenario above, Bob's cert is still overall valid (because it
>> has a valid certification over the correct UserID+key from Alice), even
>> though the carol@example.org UserID is invalid.
>>
>> I don't know mml-mode or elisp well enough to dig into the code and fix
>> this part of the problem quickly, but if someone has patches that i can
>> look at that would point to where it might be changed, i'd be happy to
>> try to review them.
>
> I'm also mostly unfamiliar with the mml encryption code, but perhaps
> Jens could take a peek at this?

mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
nowadays.  I certainly wouldn’t object if the default value was
changed, but lots of long-term users might be surprised.

Also, nowadays, if multiple keys are available for a recipient, the
user is asked which key to use and whether to store that choice.

Then, EasyPG is responsible for calling GnuPG.  Maybe something
needs to be adjusted there as well.  What is the expected command
line behavior?

Best wishes
Jens

From: Daniel Kahn Gillmor
To: Jens Lechtenboerger, Lars Ingebrigtsen
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Wed, 25 Jan 2017 15:30:33 -0500

On Wed 2017-01-25 15:09:47 -0500, Jens Lechtenboerger wrote:
> On 2017-01-25, at 18:19, Lars Ingebrigtsen wrote:
>
>> Daniel Kahn Gillmor writes:
>>
>>> So in the scenario above, Bob's cert is still overall valid (because it
>>> has a valid certification over the correct UserID+key from Alice), even
>>> though the carol@example.org UserID is invalid.
>>>
>>> I don't know mml-mode or elisp well enough to dig into the code and fix
>>> this part of the problem quickly, but if someone has patches that i can
>>> look at that would point to where it might be changed, i'd be happy to
>>> try to review them.
>>
>> I'm also mostly unfamiliar with the mml encryption code, but perhaps
>> Jens could take a peek at this?
>
> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
> nowadays.  I certainly wouldn’t object if the default value was
> changed, but lots of long-term users might be surprised.

It's also possible that lots of long-term users might be surprised to
find that refreshing one key in their keyring is likely to cause a
change in behavior for the use of other keys in their keyring.  this is
a silent surprise, which seems worse than a public surprise.

> Also, nowadays, if multiple keys are available for a recipient, the
> user is asked which key to use and whether to store that choice.

And how is that choice stored?  How and when can it be revisited by the
user?  What happens if that choice becomes invalid in the future
(e.g. the primary key, or the encryption-capable subkey is revoked,
expired, etc)?

> Then, EasyPG is responsible for calling GnuPG.  Maybe something
> needs to be adjusted there as well.  What is the expected command
> line behavior?

Modern versions of GnuPG automatically select the key which GnuPG knows
to have the best validity among all matches for the selector, thanks to
work put in by Justus Winter (cc'ed), so letting GnuPG make the decision
would relieve emacs of most of the hard work here, and would also mean
that any changes that the user makes to their GnuPG keyring would
automatically take effect in emacs without mml-mode needing to do
anything.

Modern versions of GnuPG also provide a "tofu" mechanism to store and
track that kind of decision in.  Neal Walfield (also cc'ed here) put in
a lot of that implementation, so he might have some suggestions for the
best way to handle it.

Thanks for looking into this, Lars and Jens!

--dkg

From: Jens Lechtenboerger
To: Daniel Kahn Gillmor
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 26 Jan 2017 19:36:09 +0100

On 2017-01-25, at 15:30, Daniel Kahn Gillmor wrote:

> On Wed 2017-01-25 15:09:47 -0500, Jens Lechtenboerger wrote:
>> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
>> nowadays.  I certainly wouldn’t object if the default value was
>> changed, but lots of long-term users might be surprised.
>
> It's also possible that lots of long-term users might be surprised to
> find that refreshing one key in their keyring is likely to cause a
> change in behavior for the use of other keys in their keyring.  this is
> a silent surprise, which seems worse than a public surprise.

Sorry, I don’t understand this.  What change in one key is causing
silent changes for other keys?

>> Also, nowadays, if multiple keys are available for a recipient, the
>> user is asked which key to use and whether to store that choice.
>
> And how is that choice stored?  How and when can it be revisited by the
> user?  What happens if that choice becomes invalid in the future
> (e.g. the primary key, or the encryption-capable subkey is revoked,
> expired, etc)?

That’s customized in mml-secure-key-preferences.  So, the usual
customize interface is available.  And there is some code to detect
and remove unusable customizations.

>> Then, EasyPG is responsible for calling GnuPG.  Maybe something
>> needs to be adjusted there as well.  What is the expected command
>> line behavior?
>
> Modern versions of GnuPG automatically select the key which GnuPG knows
> to have the best validity among all matches for the selector, thanks to
> work put in by Justus Winter (cc'ed), so letting GnuPG make the decision
> would relieve emacs of most of the hard work here, and would also mean
> that any changes that the user makes to their GnuPG keyring would
> automatically take effect in emacs without mml-mode needing to do
> anything.

The mml code is based on EasyPG by Daiki Ueno (cc’ed).  EasyPG makes
use of sub-keys and their IDs for encryption commands, instead of
relying on GnuPG’s selections.

> Modern versions of GnuPG also provide a "tofu" mechanism to store and
> track that kind of decision in.  Neal Walfield (also cc'ed here) put in
> a lot of that implementation, so he might have some suggestions for the
> best way to handle it.

If Emacs was relying on GnuPG’s decisions, nothing special would be
necessary for tofu, right?  (Users could activate that in their
gpg.conf.)

Best wishes
Jens

From: Daiki Ueno
To: Jens Lechtenboerger
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 26 Jan 2017 20:34:22 +0100

Jens Lechtenboerger writes:

>> Modern versions of GnuPG automatically select the key which GnuPG knows
>> to have the best validity among all matches for the selector, thanks to
>> work put in by Justus Winter (cc'ed), so letting GnuPG make the decision
>> would relieve emacs of most of the hard work here, and would also mean
>> that any changes that the user makes to their GnuPG keyring would
>> automatically take effect in emacs without mml-mode needing to do
>> anything.
>
> The mml code is based on EasyPG by Daiki Ueno (cc’ed).  EasyPG makes
> use of sub-keys and their IDs for encryption commands, instead of
> relying on GnuPG’s selections.

It was suggested by Werner to do key selection in Emacs, like GPGME.  I
don't know whether GPGME changed the logic though.

>> Modern versions of GnuPG also provide a "tofu" mechanism to store and
>> track that kind of decision in.  Neal Walfield (also cc'ed here) put in
>> a lot of that implementation, so he might have some suggestions for the
>> best way to handle it.

I'm afraid I wouldn't do any work toward tofu at this level of quality;
in particular, until they reach the consensus whether tofu is only
activated when encryption is triggered by an email address.

Regards,
-- 
Daiki Ueno

From: Daniel Kahn Gillmor
To: Jens Lechtenboerger, Lars Ingebrigtsen
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 26 Jan 2017 18:19:20 -0500

On Wed 2017-01-25 15:09:47 -0500, Jens Lechtenboerger wrote:
> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
> nowadays.  I certainly wouldn’t object if the default value was
> changed, but lots of long-term users might be surprised.

hm, i just noticed that mml-secure-openpgp-always-trust isn't in emacs24
either.  is this also limited to emacs25?  Maybe this change of variable
is a good chance to do the transition to a better default.

--dkg

From: Daniel Kahn Gillmor
To: Daiki Ueno, Jens Lechtenboerger
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 26 Jan 2017 18:17:23 -0500

On Thu 2017-01-26 14:34:22 -0500, Daiki Ueno wrote:
> Jens Lechtenboerger writes:
>> The mml code is based on EasyPG by Daiki Ueno (cc’ed).  EasyPG makes
>> use of sub-keys and their IDs for encryption commands, instead of
>> relying on GnuPG’s selections.
>
> It was suggested by Werner to do key selection in Emacs, like GPGME.  I
> don't know whether GPGME changed the logic though.

I don't know what this means -- i don't think that GPGME itself does key
selection.  Can you tell me more?

Presumably users who use emacs with gpg also use gpg with other tools
(possibly even other MUAs), or even gpg on its own.  Collecting key
preference data in multiple places while sharing the underlying key
store seems like a recipe for synchronization problems and confusing
behavior, particularly for folks who don't know how the tools fit
together.

>>> Modern versions of GnuPG also provide a "tofu" mechanism to store and
>>> track that kind of decision in.  Neal Walfield (also cc'ed here) put in
>>> a lot of that implementation, so he might have some suggestions for the
>>> best way to handle it.
>
> I'm afraid I wouldn't do any work toward tofu at this level of quality;
> in particular, until they reach the consensus whether tofu is only
> activated when encryption is triggered by an email address.

I don't think i understand this either.  Can you explain more about what
you need from the GnuPG TOFU code?

Thanks for this discussion, hopefully it'll lead somewhere fruitful.


--dkg

From: Daniel Kahn Gillmor
To: Jens Lechtenboerger
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Thu, 26 Jan 2017 18:13:50 -0500

On Thu 2017-01-26 13:36:09 -0500, Jens Lechtenboerger wrote:
> On 2017-01-25, at 15:30, Daniel Kahn Gillmor wrote:
>> On Wed 2017-01-25 15:09:47 -0500, Jens Lechtenboerger wrote:
>>> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
>>> nowadays. I certainly wouldn’t object if the default value was
>>> changed, but lots of long-term users might be surprised.
>>
>> It's also possible that lots of long-term users might be surprised to
>> find that refreshing one key in their keyring is likely to cause a
>> change in behavior for the use of other keys in their keyring. this is
>> a silent surprise, which seems worse than a public surprise.
>
> Sorry, I don’t understand this. What change in one key is causing
> silent changes for other keys?

Without the notification that multiple keys are available, Bob can add
Carol's User ID to his cert ; depending on where the certs are
positioned linearly in Alice's keyring, mail to Carol might be encrypted
to Bob's key, or to Alice's key.

I think this is mitigated at least in part by prompting the user when
there are multiple keys available, though.

> That’s customized in mml-secure-key-preferences. So, the usual
> customize interface is available. And there is some code to detect
> and remove unusable customizations.

When was this introduced? i don't see it, but then i'm still using
emacs24. Do i need to upgrade?

>> Modern versions of GnuPG also provide a "tofu" mechanism to store and
>> track that kind of decision in. Neal Walfield (also cc'ed here) put in
>> a lot of that implementation, so he might have some suggestions for the
>> best way to handle it.
>
> If Emacs was relying on GnuPG’s decisions, nothing special would be
> necessary for tofu, right? (Users could activate that in their
> gpg.conf.)

Neal can answer this better than i can. I think the TOFU mode works best
when there's a bit of UI integration -- emacs would provide the way for
the user to answer a question prompted by gpg, and then gpg is
responsible for storing/tracking all the info.

--dkg

From: Daiki Ueno
To: Daniel Kahn Gillmor
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Fri, 27 Jan 2017 03:49:03 +0100

Daniel Kahn Gillmor writes:

> On Thu 2017-01-26 14:34:22 -0500, Daiki Ueno wrote:
>> Jens Lechtenboerger writes:
>>> The mml code is based on EasyPG by Daiki Ueno (cc’ed). EasyPG makes
>>> use of sub-keys and their IDs for encryption commands, instead of
>>> relying on GnuPG’s selections.
>>
>> It was suggested by Werner to do key selection in Emacs, like GPGME. I
>> don't know whether GPGME changed the logic though.
>
> I don't know what this means -- i don't think that GPGME itself does key
> selection. Can you tell me more?

My wording might be confusing; let me rephrase: I don't think GPGME has a
means of using GnuPG's selections, which the applications can rely on.
EasyPG is modelled after GPGME, and Gnus is an application using it,
thus it is a responsibility of Gnus to select usable keys by itself.

> Presumably users who use emacs with gpg also use gpg with other tools
> (possibly even other MUAs), or even gpg on its own. Collecting key
> preference data in multiple places while sharing the underlying key
> store seems like a recipe for synchronization problems and confusing
> behavior, particularly for folks who don't know how the tools fit
> together.

If there is the means to do that in GPGME now, yes, it would be nice for
EasyPG to provide a similar mechanism which can be used from Gnus.
Otherwise, IMO, neither EasyPG nor Gnus should try to do the selection
by calling gpg directly, even if it could be useful.

Regards,
-- 
Daiki Ueno

From: Jens Lechtenboerger
To: Daniel Kahn Gillmor
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Fri, 27 Jan 2017 07:45:23 +0100

On 2017-01-26, at 18:13, Daniel Kahn Gillmor wrote:

> On Thu 2017-01-26 13:36:09 -0500, Jens Lechtenboerger wrote:
>> That’s customized in mml-secure-key-preferences. So, the usual
>> customize interface is available. And there is some code to detect
>> and remove unusable customizations.
>
> When was this introduced? i don't see it, but then i'm still using
> emacs24. Do i need to upgrade?

I introduced that about a year ago, when Gnus was still developed in
its own repository. I don’t know anything about Gnus releases since
then. The doc string reports those changes as of version 25.1 of
Emacs.

Best wishes
Jens

From: Glenn Morris
Subject: control message for bug 17338
Date: Tue, 18 Dec 2018 17:31:38 -0500

tag 17338 security

From: Lars Ingebrigtsen
To: Jens Lechtenboerger
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t
Date: Sun, 20 Feb 2022 14:11:36 +0100

Jens Lechtenboerger writes:

> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
> nowadays. I certainly wouldn’t object if the default value was
> changed, but lots of long-term users might be surprised.
>
> Also, nowadays, if multiple keys are available for a recipient, the
> user is asked which key to use and whether to store that choice.

(I'm going through old bug reports that unfortunately weren't resolved
at the time.)

Skimming this bug report, it seems like this is working as designed, so
I'm closing this bug report.

-- 
(domestic pets only, the antidote for overdose, milk.)
   bloggy blog: http://lars.ingebrigtsen.no

From: Lars Ingebrigtsen
To: control@debbugs.gnu.org
Subject: control message for bug #17391
Date: Sun, 20 Feb 2022 14:11:45 +0100

close 17391
quit

From: Debbugs Internal Request
To: internal_control@debbugs.gnu.org
Subject: Internal Control
Date: Mon, 21 Mar 2022 11:24:06 +0000

# This is a fake control message.
#
# The action:
# bug archived.
thanks
# This fakemail brought to you by your local debbugs
# administrator