GNU bug report logs - #18393
mm-view-pkcs7-verify ignores mml-smime-use
Jens Lechtenboerger <lechten <at> wi.uni-muenster.de> writes:
> Actually, I was too fast. I had a problem with my keyring, which
> resulted in verification errors, which in turn resulted in empty
> buffers. I’m not sure how to test this.
>
> Attached you find an e-mail where I just changed some bytes in the
> text, keeping the old signature. Verification fails, but the
> message is displayed without any indication of the verification
> failure.

Thanks.

The more I dig into the entire framework for reporting errors in
encrypted/signed messages we have, the more inadequate it seems.

If you have a multipart/signed message, and you have

  (setq gnus-buttonized-mime-types '("multipart/\\(signed\\|encrypted\\)"))

then the button (!) will tell you whether the verification of the
signature was successful or not. And the decryption/verification
functions alter the mm-security-handle bound by
mm-possibly-verify-or-decrypt to enable this... er... reporting.

If you don't have the button (and by default that variable is nil),
you'll get no feedback whatsoever.

In the case of the message you sent me, it's not a multipart message, so
no buttons are inserted anyway, so you never ever get any feedback.

This doesn't seem the right way to do security-related functionality.

I think the principle here should be, when displaying signed/encrypted
messages, that Gnus should, by default:

1) say that what you're viewing is signed/encrypted and

2) explicitly say whether the signature was verified or not, and if
   there were any error messages, it should report them.

But 1) should not be done in an obnoxious way.

But I should be doing more testing before I start hacking away, and have
a bigger test corpus.

Does anybody know of one that's handy with different signing/encryption
methods?

--
(domestic pets only, the antidote for overdose, milk.)
bloggy blog: http://lars.ingebrigtsen.no
This bug report was last modified 5 years and 5 days ago.