* S/MIME with OpenSSL?
@ 2015-11-08 16:15 Jens Lechtenboerger
2015-11-10 16:42 ` Uwe Brauer
0 siblings, 1 reply; 2+ messages in thread
From: Jens Lechtenboerger @ 2015-11-08 16:15 UTC (permalink / raw)
To: help-gnu-emacs, info-gnus-english
Hi there,
I plan to refactor the code used for GnuPG in the Message mode of
Emacs (Gnus) and started a discussion on the Gnus devel mailing list
ding. An open issue is the use of OpenSSL for S/MIME in Emacs,
which might be removed in the future. So if you use S/MIME via
OpenSSL, please let me know why.
I recommend that you use gpgsm instead of openssl for S/MIME as:
** Gpgsm manages certificates (storage, expiry, revocation).
Users need to perform those tasks manually with openssl.
** Openssl has bugs as documented in the BUGS section of man smime(1).
In particular: SMIMECapabilities are ignored, no revocation checking
is done on the signer's certificate.
** Advertised SMIMECapabilities include broken encryption algorithms.
With the precompiled openssl 1.0.1f on my system RC2 is advertised,
which should have been dropped since S/MIME 3.x, see:
https://tools.ietf.org/html/rfc5751#appendix-B
Currently, openssl is preferred over epg (gpgsm), via
(defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl))
in mml-smime.el. However, epg does not get loaded on its own even if it
is present. Thus, users need to set mml-smime-use or require epg in
their ~/.emacs, but the manual does not mention gpgsm at all.
I plan to change this to prefer epg by default (and to document and
recommend gpgsm).
What’s your opinion?
Best wishes
Jens
P.S. I’d like to clarify that I recommend OpenPGP, not S/MIME.
Still, S/MIME is better than plaintext.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: S/MIME with OpenSSL?
2015-11-08 16:15 S/MIME with OpenSSL? Jens Lechtenboerger
@ 2015-11-10 16:42 ` Uwe Brauer
0 siblings, 0 replies; 2+ messages in thread
From: Uwe Brauer @ 2015-11-10 16:42 UTC (permalink / raw)
To: help-gnu-emacs; +Cc: info-gnus-english
>>> "Jens" == Jens Lechtenboerger <jens.lechtenboerger@fsfe.org> writes:
> Hi there,
> Currently, openssl is preferred over epg (gpgsm), via
> (defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl))
> in mml-smime.el. However, epg does not get loaded on its own even if it
> is present. Thus, users need to set mml-smime-use or require epg in
> their ~/.emacs, but the manual does not mention gpgsm at all.
> I plan to change this to prefer epg by default (and to document and
> recommend gpgsm).
> What’s your opinion?
I agree completely.
> Best wishes
> Jens
> P.S. I’d like to clarify that I recommend OpenPGP, not S/MIME.
> Still, S/MIME is better than plaintext.
The problem is that openpgp, in my experience, much more difficult to
install and to use than S/MIME. I can provide a list why this is so.
This list of people with whom I communicate in S/MIME contains 8
individuals, for opengpg there is just 1.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2015-11-10 16:42 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-11-08 16:15 S/MIME with OpenSSL? Jens Lechtenboerger
2015-11-10 16:42 ` Uwe Brauer
Code repositories for project(s) associated with this external index
https://git.savannah.gnu.org/cgit/emacs.git
https://git.savannah.gnu.org/cgit/emacs/org-mode.git
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.