Re: [Evolution] pgp unusable?

From: Jeffrey Stedfast <fejj ximian com>
To: lfarkas mindmaker hu
Cc: evolution ximian com, evolution-hackers ximian com
Subject: Re: [Evolution] pgp unusable?
Date: 29 Nov 2001 15:33:32 -0500

On Thu, 2001-11-29 at 05:25, Levente Farkas wrote:

hi,
and at last gpg simple unusable with evolution. when I try send an encripted
mail with evo (I have to go to the menu and click on a menu item, it
would be much simpler if I able to check it somewhere within the 
composer window and I always be able to see wheter it will be encrypted 
or not). so after I send a mail it put into the sent mail encrypted with
my public key (which is ok), BUT evo send it to the others too!!
the mail which was send to the recipients should have to be encrypted
the recipients' public key (since they dont have my private key:-)
even I try to shitch of tools/mail settings/edit/security/
Always encrypt to myself when sending ecrypted mail
the thing just getting worse since if any error occure during pgp evo.
don't send mail.
again try to look at pine (and in this case others using outlook can
read you encrypted messages) which send inline non multipart and correctly
encrypted (others with their public key, into sent folder with your
public key) mails.
I even try to play with .gnupg/options:
encrypt-to "lfarkas mindmaker hu"
default-key "lfarkas mindmaker hu"
both works with pine but neither with evo (I try to commnet/uncommnet
both line).


It works for me... although someone reported a bug saying that when a
recipient's gpg key is not signed, when sending them encrypted mail, it
only encrypts to the sender's key. 

THIS IS A BUG IN GPG!!!!!

gpg tells us everything went fine, so Evolution has no way of knowing
that it didn't encrypt to all the recipients we told it to encrypt to,
thus it's not our fault.

How is your pine configured to use gpg? does it pass the --always-trust
argument to gpg? I didn't make Evolution do that because I figured it
might be considered "bad", but I think other mail clients might be doing
that.


another thing about gpg. I read the page
http://support.ximian.com/cgi-bin/ximian.cfg/php/enduser/faq.php?p_sid=I-nT5o1g&p_lva=&p_li=&p_gridsort=&p_row_cnt=27&p_prod_lvl1=2&p_page=3&p_page2=1#q-25
which simple not true! that way evo sign/encrypt mail is a standard way,
but not the only one. the way like pine do inline pgp message would be 
very simple to implement and can be readable by other mailers like
pine, netscape, outlook, eudora. these mailer are the biggest part of
the world. I agree with you that the default should have to be the standard
way but usability is another and very important reason (that's why so
many people use kde:-(()


In-line pgp mode is a broken way to do it - so many things can go
"wrong". Should I first QP/Base64 encode the text before signing? or
should I do it afterward? Do I From-escape before? afterward? ever? Do I
CRLF encode before signing?

No mailer does it the same, they all have their own pseudo-standard way
of doing it. That is why we don't do it, because it's broken.

You could try implementing in-line pgp and sending us a patch.

Jeff

Follow-Ups:
- Re: [Evolution] pgp unusable?
  - From: Levente Farkas
- Re: [Evolution] pgp unusable?
  - From: Thomas O'Dowd

References:
- [Evolution] pgp unusable?
  - From: Levente Farkas

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]