Re: [gmime-devel] a new gmime release [was: Re: [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16]

From: Jeffrey Stedfast <fejj gnome org>
To: Daniel Kahn Gillmor <dkg fifthhorseman net>, Gmime Development <gmime-devel-list gnome org>
Subject: Re: [gmime-devel] a new gmime release [was: Re: [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16]
Date: Fri, 9 Dec 2016 07:37:56 -0500

On 12/8/2016 11:22 PM, Daniel Kahn Gillmor wrote:

On Thu 2016-12-08 22:01:44 -0500, Jeffrey Stedfast wrote:

I'll try to make a release this weekend. Working on getting a usable
Linux system right now (I've been building on Mac but I can't make a
release from that).

Great to hear, thank you!  If you need a usable Linux system and you're
willing to work on somoene else's hardware, i can probably set up a
virtual machine for you to use, just let me know your requirements.


I think I should be good once I figure out how to fix:

piix4_smbus: SMBus Host Controller not enabled!

which is preventing me from booting (I think? bootup stalls at that)

I've read that I need to disable that driver (which is for SMP?), so Ijust need to figure out how to boot up around that once so that I canedit /etc/modprobe.d/blacklist.conf

I think for now we should keep it on GMimeGpgContext since that's the
only ctx that it affects.

Did you discover that the S/MIME context could not support this? If it
can, we could probably move it to the base class.

 From first-principles, based on the underlying data: yes it can.  In CMS
(the S/MIME encryption format) the session keys are known as
"content-encryption keys".  see:

    https://tools.ietf.org/html/rfc5652#section-6.3
    https://tools.ietf.org/html/rfc5652#section-6.4

That said, the current GMime S/MIME implementation won't support it,
because it relies on gpgme, which in turn relies on gpgsm, and gpgsm
does not support session-key extraction yet.  However, i'm hoping that
it will support it in the future:

     https://bugs.gnupg.org/gnupg/issue2862

So anyway, i'm happy to leave the choice of API up to you.

Thanks for working on an updated release!

     --dkg

Okay, well, in that case, I guess I support moving the API down into thebase class.



I'll apply your latest patch after I get back from the gym or tonight.


Jeff

References:
- [gmime-devel] [PATCH 5/5] test the use of session keys
  - From: Daniel Kahn Gillmor
- [gmime-devel] [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16
  - From: Daniel Kahn Gillmor
- Re: [gmime-devel] [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16
  - From: Jeffrey Stedfast
- Re: [gmime-devel] [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16
  - From: Daniel Kahn Gillmor
- Re: [gmime-devel] [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16
  - From: Daniel Kahn Gillmor
- Re: [gmime-devel] [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16
  - From: Jeffrey Stedfast
- [gmime-devel] a new gmime release [was: Re: [PATCH 6/5 :P] Avoid trying to replay the session key unless we have gpg >= 2.1.16]
  - From: Daniel Kahn Gillmor

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]