* bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key @ 2013-01-25 21:32 ` Richard Stallman 2019-09-23 16:40 ` Lars Ingebrigtsen [not found] ` <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org> 0 siblings, 2 replies; 7+ messages in thread From: Richard Stallman @ 2013-01-25 21:32 UTC (permalink / raw) To: 13551 I have a public key for martin@gnu.org and a key for another martin at another host. When I encrypt a message to `martin' -- which means, in my case, `martin@gnu.org' -- epa-mail-encrypt picks the other martin. epa needs to know the default mail hostname so as to pick the correct Martin. It can get that from the value of user-mail-address, and maybe have other ways to specify it. In GNU Emacs 24.3.50.1 (mips64el-unknown-linux-gnu, GTK+ Version 2.12.12) of 2013-01-03 on chiefs-gnewsense Bzr revision: 111408 rgm@gnu.org-20130103023757-9p8awd7j9mkf0ike System Description: Debian GNU/Linux 6.0.6 (squeeze) Configured using: `configure CFLAGS=-O0 -g --with-gif=no --with-tiff=no --no-create --no-recursion' Important settings: value of $LANG: en_US.UTF-8 locale-coding-system: utf-8-unix default enable-multibyte-characters: t Major mode: Mail Minor modes in effect: gpm-mouse-mode: t tooltip-mode: t mouse-wheel-mode: t tool-bar-mode: t menu-bar-mode: t file-name-shadow-mode: t global-font-lock-mode: t font-lock-mode: t auto-composition-mode: t auto-encryption-mode: t auto-compression-mode: t line-number-mode: t transient-mark-mode: t abbrev-mode: t Recent input: C-x b o u t g TAB RET g e ESC x e p a d RET y C-n C-n C-n C-p C-e @ g n u . o r g ESC x e p a SPC m a i l SPC e n c TAB RET y y y C-x C-s C-c C-s y C-x b o u t g TAB RET g C-p e C-x b o u t - 2 9 RET C-_ ESC DEL ESC DEL DEL ESC x e p a SPC m a i l SPC e n TAB RET y y C-x 4 b RET C-x o C-x k RET y e s RET ESC x r e p o r t SPC e m a c s SPC b u g RET Recent messages: Saving file /home/rms/outgoing/out-29... Wrote /home/rms/outgoing/out-29 Send buffer contents as mail message? (y or n) y Sending... Wrote /home/rms/outgoing/out-30 Sending...done Undo! No public key for rms-response-1w@gnu.org; skip it? (y or n) y No public key for rms-outgoing@gnu.org; skip it? (y or n) y Encrypting...done Load-path shadows: None found. Features: (shadow emacsbug mailalias epa-mail epa derived epg epg-config rmailmm message sendmail format-spec rfc822 mml easymenu mml-sec mm-decode mm-bodies mm-encode mailabbrev gmm-utils mailheader mail-parse rfc2231 dired t-mouse time-date rmailedit rmail rfc2047 rfc2045 ietf-drums mm-util mail-prsvr mail-utils paren cus-start cus-load nadvice advice help-fns tooltip ediff-hook vc-hooks lisp-float-type mwheel x-win x-dnd tool-bar dnd fontset image regexp-opt fringe tabulated-list newcomment lisp-mode register page menu-bar rfn-eshadow timer select scroll-bar mouse jit-lock font-lock syntax facemenu font-core frame cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao korean japanese hebrew greek romanian slovak czech european ethiopic indian cyrillic chinese case-table epa-hook jka-cmpr-hook help simple abbrev minibuffer loaddefs button faces cus-face macroexp files text-properties overlay sha1 md5 base64 format env code-pages mule custom widget hashtable-print-readable backquote make-network-process dbusbind dynamic-setting system-font-setting font-render-setting move-toolbar gtk x-toolkit x multi-tty emacs) -- Dr Richard Stallman President, Free Software Foundation 51 Franklin St Boston MA 02110 USA www.fsf.org www.gnu.org Skype: No way! That's nonfree (freedom-denying) software. Use Ekiga or an ordinary phone call ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key 2013-01-25 21:32 ` bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key Richard Stallman @ 2019-09-23 16:40 ` Lars Ingebrigtsen [not found] ` <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org> 1 sibling, 0 replies; 7+ messages in thread From: Lars Ingebrigtsen @ 2019-09-23 16:40 UTC (permalink / raw) To: Richard Stallman; +Cc: 13551 Richard Stallman <rms@gnu.org> writes: > I have a public key for martin@gnu.org and a key for another martin at > another host. When I encrypt a message to `martin' -- which means, in > my case, `martin@gnu.org' -- epa-mail-encrypt picks the other martin. > > epa needs to know the default mail hostname so as to pick the correct > Martin. It can get that from the value of user-mail-address, and > maybe have other ways to specify it. I don't think any security-related software should be guessing based on incomplete email addresses. As far as I can tell, it requires a complete match, which I guess means you have a key for "martin" (without a domain name) in your key ring. Choosing this is the right thing to do, I think, so I'm closing this bug report. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no ^ permalink raw reply [flat|nested] 7+ messages in thread
[parent not found: <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org>]
* bug#13551: acknowledged by developer (control message for bug #13551) [not found] ` <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org> @ 2019-09-27 11:05 ` Richard Stallman 2019-09-27 16:12 ` Lars Ingebrigtsen 0 siblings, 1 reply; 7+ messages in thread From: Richard Stallman @ 2019-09-27 11:05 UTC (permalink / raw) To: 13551 [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > I don't think any security-related software should be guessing based on > incomplete email addresses. As far as I can tell, it requires a > complete match, which I guess means you have a key for "martin" (without > a domain name) in your key ring. That is totally unpredictable _for the user sending a reply_. There are various possible ok things to do, but not that. Please make this case do something predictable. -- Dr Richard Stallman Founder, Free Software Foundation (https://gnu.org, https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org) ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#13551: acknowledged by developer (control message for bug #13551) 2019-09-27 11:05 ` bug#13551: acknowledged by developer (control message for bug #13551) Richard Stallman @ 2019-09-27 16:12 ` Lars Ingebrigtsen 2019-09-28 1:32 ` Richard Stallman 0 siblings, 1 reply; 7+ messages in thread From: Lars Ingebrigtsen @ 2019-09-27 16:12 UTC (permalink / raw) To: Richard Stallman; +Cc: 13551 Richard Stallman <rms@gnu.org> writes: > [[[ To any NSA and FBI agents reading my email: please consider ]]] > [[[ whether defending the US Constitution against all enemies, ]]] > [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > > > I don't think any security-related software should be guessing based on > > incomplete email addresses. As far as I can tell, it requires a > > complete match, which I guess means you have a key for "martin" (without > > a domain name) in your key ring. > > That is totally unpredictable _for the user sending a reply_. > There are various possible ok things to do, but not that. > > Please make this case do something predictable. I'm not sure I understand. I think it does do something completely predictable -- choose the key ring entry that matches what's in your "From" header. No guessing involved. -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#13551: acknowledged by developer (control message for bug #13551) 2019-09-27 16:12 ` Lars Ingebrigtsen @ 2019-09-28 1:32 ` Richard Stallman 2019-09-28 19:47 ` Lars Ingebrigtsen 0 siblings, 1 reply; 7+ messages in thread From: Richard Stallman @ 2019-09-28 1:32 UTC (permalink / raw) To: Lars Ingebrigtsen; +Cc: 13551 [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > I'm not sure I understand. I think it does do something completely > predictable -- choose the key ring entry that matches what's in your > "From" header. We seem to be failing to commnuicate. My From header always says "rms@gnu.org", but we're talking about the address I am sending to -- in the To field. Is that what you mean? The behavior that you describe is totally unpredictable for me because it depends on data I don't know, and have no other reason to know. When foo@bar.com sends me a key, I don't notice what other addresses that key covers. There is no reason to. And those alternate short addresses are not listed by epa-list-keys. If I have a key for 'arthur@gnu.org' and another for 'arthur@berkeley.edu', it is a nuisice for me to check which one, if either, lists just 'arthur' as an address. Especially since when I send mail to 'arthur@gnu.org' I may not even remember I know 'arthur@berkeley.edu'. When I send mail to just 'arthur', that is equivalent by default to 'arthur@gnu.org'. I often omit '@gnu.org' knowing this. Encryption should do the same thing: treat 'arthur' as short for 'arthur@gnu.org'. That way it will always encrypt for the person that the mail is going to. -- Dr Richard Stallman Founder, Free Software Foundation (https://gnu.org, https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org) ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#13551: acknowledged by developer (control message for bug #13551) 2019-09-28 1:32 ` Richard Stallman @ 2019-09-28 19:47 ` Lars Ingebrigtsen 2019-10-05 13:18 ` Richard Stallman 0 siblings, 1 reply; 7+ messages in thread From: Lars Ingebrigtsen @ 2019-09-28 19:47 UTC (permalink / raw) To: Richard Stallman; +Cc: 13551 Richard Stallman <rms@gnu.org> writes: > > I'm not sure I understand. I think it does do something completely > > predictable -- choose the key ring entry that matches what's in your > > "From" header. > > We seem to be failing to commnuicate. My From header always says > "rms@gnu.org", but we're talking about the address I am sending to -- > in the To field. Is that what you mean? Yes; sorry. > When I send mail to just 'arthur', that is equivalent by default to > 'arthur@gnu.org'. I often omit '@gnu.org' knowing this. > > Encryption should do the same thing: treat 'arthur' as short for > 'arthur@gnu.org'. That way it will always encrypt for the person that > the mail is going to. Emacs cannot possibly know that when you send to "arthur", that that email will eventually end up going to "arthur@gnu.org". It could guess, but guessing in an security context is a no go. So if you want to send somebody secure messages, you have to tell Emacs what address the mail is going to: You can't just say "arthur". -- (domestic pets only, the antidote for overdose, milk.) bloggy blog: http://lars.ingebrigtsen.no ^ permalink raw reply [flat|nested] 7+ messages in thread
* bug#13551: acknowledged by developer (control message for bug #13551) 2019-09-28 19:47 ` Lars Ingebrigtsen @ 2019-10-05 13:18 ` Richard Stallman 0 siblings, 0 replies; 7+ messages in thread From: Richard Stallman @ 2019-10-05 13:18 UTC (permalink / raw) To: Lars Ingebrigtsen; +Cc: 13551 [[[ To any NSA and FBI agents reading my email: please consider ]]] [[[ whether defending the US Constitution against all enemies, ]]] [[[ foreign or domestic, requires you to follow Snowden's example. ]]] > Emacs cannot possibly know that when you send to "arthur", that that > email will eventually end up going to "arthur@gnu.org". Sure it can. It could get the domain from mail-host-address. We could also create another variable specifically to control this. The current behavior, as you described it, is not much better security. It is unpredictable in practice for the user. However, I am not sure how much security issue there is in sending A a message encrypted for B. Nobody can decrypt that message. I have seen reason to think that the current behavior doesn't match what you described. I entered "To: rms" and encrypted the message. It recognized that was me, rms@gnu.org, and encrypted with my key. It did this even though my key does not list 'rms' with no host name as an address (as far as I can tell). gpg --edit-key rms@gnu.org gave me this: pub 4096R/2C6464AF2A8E4C02 created: 2013-07-20 expires: never usage: SC ... sub ... [ultimate] (1). Richard Stallman <rms@gnu.org> If the key had another address, wouldn't it be listed there? In addition, after I run the encryption command, plain 'rms' has been edited into 'rms@gnu.org'. How does it know to make that change? -- Dr Richard Stallman Founder, Free Software Foundation (https://gnu.org, https://fsf.org) Internet Hall-of-Famer (https://internethalloffame.org) ^ permalink raw reply [flat|nested] 7+ messages in thread
end of thread, other threads:[~2019-10-05 13:18 UTC | newest] Thread overview: 7+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- [not found] <87k19z0xut.fsf@gnus.org> 2013-01-25 21:32 ` bug#13551: 24.3.50; epa-mail-encrypt chooses wrong key Richard Stallman 2019-09-23 16:40 ` Lars Ingebrigtsen [not found] ` <handler.13551.C.156925686512740.notifdonectrl.0@debbugs.gnu.org> 2019-09-27 11:05 ` bug#13551: acknowledged by developer (control message for bug #13551) Richard Stallman 2019-09-27 16:12 ` Lars Ingebrigtsen 2019-09-28 1:32 ` Richard Stallman 2019-09-28 19:47 ` Lars Ingebrigtsen 2019-10-05 13:18 ` Richard Stallman
Code repositories for project(s) associated with this external index https://git.savannah.gnu.org/cgit/emacs.git https://git.savannah.gnu.org/cgit/emacs/org-mode.git This is an external index of several public inboxes, see mirroring instructions on how to clone and mirror all data and code used by this external index.