Re: [gmime-devel] applying GMimeVerifyFlags during message decryption
- From: Jeffrey Stedfast <jestedfa microsoft com>
- To: Daniel Kahn Gillmor <dkg fifthhorseman net>, Gmime Development <gmime-devel-list gnome org>
- Subject: Re: [gmime-devel] applying GMimeVerifyFlags during message decryption
- Date: Sat, 3 Feb 2018 17:40:22 +0000
What I was thinking is that we could just duplicate any VerifyFlags into DecryptFlags.
Possibly we could even make it such that bitwise-oring VerifyFlags and DecryptFlags worked.
In other words, if VerifyFlags was setup such that the enum flags did not overlap with DecryptFlags, they
could be combined in the decrypt() calls.
What do you think?
Jeff
On 2/2/18, 6:26 PM, "gmime-devel-list on behalf of Daniel Kahn Gillmor" <gmime-devel-list-bounces gnome org
on behalf of dkg fifthhorseman net> wrote:
Hi GMime folks--
i know that sometimes message decryption folds in verification as well
(e.g. OpenPGP single-pass signed+encrypted messages). But
g_mime_multipart_encrypted_decrypt() and g_mime_part_openpgp_decrypt()
only take a GMimeDecryptFlags. they don't take a GMimeVerifyFlags
argument.
At the moment, there are no GMimeVerifyFlags, so this isn't relevant.
but if we introduce some possible GMimeVerifyFlag, how can a user ensure
that they get these choices applied during decryption?
I'm asking in the context of a proposed "no online metadata leakage"
flag, which is relevant during both decryption and verification.
Anyway, the "obvious" formal approach is to add a GMimeVerifyFlags
argument to the two decryption functions mentioned above, but that's an
API/ABI change, so maybe something that we should put off til later.
So in the meantime, maybe we can just hope that there aren't many flags
added until the next ABI change? or is there a better fix?
--dkg
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]