GNU bug report logs - #17338
Bug#745553: emacs24-el: mml2015-always-trust should default to nil, not t

Previous Next

Packages: gnus, emacs;

Reported by: Rob Browning <rlb <at> defaultvalue.org>

Date: Fri, 25 Apr 2014 01:45:01 UTC

Severity: normal

Tags: security

Merged with 17391

Done: Lars Ingebrigtsen <larsi <at> gnus.org>

Bug is archived. No further changes may be made.

Full log

Message #31 received at 17338 <at> debbugs.gnu.org (full text, mbox):

From: Daniel Kahn Gillmor <dkg <at> fifthhorseman.net>
To: Jens Lechtenboerger <jens.lechtenboerger <at> fsfe.org>
Cc: 745553 <at> bugs.debian.org, 17338 <at> debbugs.gnu.org,
 Justus Winter <justus <at> g10code.com>, 745553-forwarded <at> bugs.debian.org,
 Lars Ingebrigtsen <larsi <at> gnus.org>, Daiki Ueno <ueno <at> gnu.org>,
 17391 <at> debbugs.gnu.org, rlb <at> defaultvalue.org,
 "Neal H. Walfield" <neal <at> walfield.org>
Subject: Re: bug#17391: Bug#745553: emacs24-el: mml2015-always-trust should
 default to nil, not t
Date: Thu, 26 Jan 2017 18:13:50 -0500

On Thu 2017-01-26 13:36:09 -0500, Jens Lechtenboerger wrote:
> On 2017-01-25, at 15:30, Daniel Kahn Gillmor wrote:
>> On Wed 2017-01-25 15:09:47 -0500, Jens Lechtenboerger wrote:
>>> mml2015-always-trust is replaced by mml-secure-openpgp-always-trust
>>> nowadays.  I certainly wouldn’t object if the default value was
>>> changed, but lots of long-term users might be surprised.
>>
>> It's also possible that lots of long-term users might be surprised to
>> find that refreshing one key in their keyring is likely to cause a
>> change in behavior for the use of other keys in their keyring.  this is
>> a silent surprise, which seems worse than a public surprise.
>
> Sorry, I don’t understand this.  What change in one key is causing
> silent changes for other keys?

Without the notification that multiple keys are available, Bob can add
Carol's User ID to his cert ; depending on where the certs are
positioned linearly in Alice's keyring, mail to Carol might be encrypted
to Bob's key, or to Alice's key.

I think this is mitigated at least in part by prompting the user when
there are multiple keys available, though.

> That’s customized in mml-secure-key-preferences.  So, the usual
> customize interface is available.  And there is some code to detect
> and remove unusable customizations.

When was this introduced?  i don't see it, but then i'm still using
emacs24.  Do i need to upgrade?

>> Modern versions of GnuPG also provide a "tofu" mechanism to store and
>> track that kind of decision in.  Neal Walfield (also cc'ed here) put in
>> a lot of that implementation, so he might have some suggestions for the
>> best way to handle it.
>
> If Emacs was relying on GnuPG’s decisions, nothing special would be
> necessary for tofu, right?  (Users could activate that in their
> gpg.conf.)

Neal can answer this better than i can.  I think the TOFU mode works
best when there's a bit of UI integration -- emacs would provide the way
for the user to answer a question prompted by gpg, and then gpg is
responsible for storing/tracking all the info.

            --dkg
This bug report was last modified 3 years and 89 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.