From: Jens Lechtenboerger
Newsgroups: gmane.emacs.help,gmane.emacs.gnus.user
Subject: S/MIME with OpenSSL?
Date: Sun, 08 Nov 2015 17:15:02 +0100
Message-ID: <87r3k0wjqx.fsf@informationelle-selbstbestimmung-im-internet.de>
To: help-gnu-emacs@gnu.org, info-gnus-english@gnu.org

Hi there,

I plan to refactor the code used for GnuPG in the Message mode of Emacs (Gnus) and started a discussion on the Gnus devel mailing list ding. An open issue is the use of OpenSSL for S/MIME in Emacs, which might be removed in the future. So if you use S/MIME via OpenSSL, please let me know why.

I recommend that you use gpgsm instead of openssl for S/MIME as:

** Gpgsm manages certificates (storage, expiry, revocation). Users need to perform those tasks manually with openssl.
** Openssl has bugs as documented in the BUGS section of man smime(1). In particular: SMIMECapabilities are ignored, no revocation checking is done on the signer's certificate.
** Advertised SMIMECapabilities include broken encryption algorithms. With the precompiled openssl 1.0.1f on my system RC2 is advertised, which should have been dropped since S/MIME 3.x, see: https://tools.ietf.org/html/rfc5751#appendix-B

Currently, openssl is preferred over epg (gpgsm), via

    (defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl))

in mml-smime.el. However, epg does not get loaded on its own even if it is present. Thus, users need to set mml-smime-use or require epg in their ~/.emacs, but the manual does not mention gpgsm at all.

I plan to change this to prefer epg by default (and to document and recommend gpgsm).

What’s your opinion?

Best wishes
Jens

P.S. I’d like to clarify that I recommend OpenPGP, not S/MIME. Still, S/MIME is better than plaintext.
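
The third point in the message above (RC2 advertised in SMIMECapabilities), as an added example that is not part of the original post or of Gnus/OpenSSL code: a small Python check that decodes a DER-encoded SMIMECapabilities value and reports advertised RC2 entries. The function names are hypothetical, the sample bytes are constructed for illustration, and extracting the attribute from a signed message is assumed to happen elsewhere.

```python
WEAK_OIDS = {"1.2.840.113549.3.2"}   # rc2-cbc; assumption: extend per local policy

def read_tlv(buf, pos):              # -> (tag, value, next_pos)
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                # long form: low bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER value")
    return tag, buf[pos:pos + length], pos + length

def decode_oid(body):
    arcs, value = [], 0
    for byte in body:                # base-128 digits, high bit marks continuation
        value = (value << 7) | (byte & 0x7F)
        if not byte & 0x80:
            arcs.append(value)
            value = 0
    first = arcs[0]                  # first two arcs are packed into one value
    head = [first // 40, first % 40] if first < 80 else [2, first - 80]
    return ".".join(str(a) for a in head + arcs[1:])

def parse_capabilities(der):         # -> [(oid, key_bits_or_None)] in preference order
    tag, seq, _ = read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("SMIMECapabilities must be a SEQUENCE")
    caps, pos = [], 0
    while pos < len(seq):
        _, cap, pos = read_tlv(seq, pos)
        tag, oid, nxt = read_tlv(cap, 0)
        if tag != 0x06:
            raise ValueError("capabilityID must be an OBJECT IDENTIFIER")
        bits = None                  # optional parameters, e.g. the RC2 key length
        if nxt < len(cap):
            ptag, pval, _ = read_tlv(cap, nxt)
            bits = int.from_bytes(pval, "big") if ptag == 0x02 else None
        caps.append((decode_oid(oid), bits))
    return caps

def weak_capabilities(der, weak=WEAK_OIDS):
    return [cap for cap in parse_capabilities(der) if cap[0] in weak]

SAMPLE_CAPS = bytes.fromhex(         # constructed: AES-256-CBC, 3DES, RC2/128, RC2/40
    "3038" "300b060960864801650304012a" "300a06082a864886f70d0307"
    "300e06082a864886f70d030202020080" "300d06082a864886f70d0302020128")
```
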