Re: [gmime-devel] avoiding metadata leaks when handling S/MIME-signed mail in GMime and other tools that use GnuPG

From: Werner Koch <wk gnupg org>
To: Jeffrey Stedfast <jestedfa microsoft com>
Cc: Daniel Kahn Gillmor <dkg fifthhorseman net>, Jeffrey Stedfast <fejj gnome org>, Gmime Development <gmime-devel-list gnome org>, "gnupg-devel\@gnupg.org" <gnupg-devel gnupg org>
Subject: Re: [gmime-devel] avoiding metadata leaks when handling S/MIME-signed mail in GMime and other tools that use GnuPG
Date: Thu, 08 Mar 2018 13:28:32 +0100

On Sat,  3 Feb 2018 19:48, gnupg-devel gnupg org said:

it suggests that setting offline mode only works for CMS and not OpenPGP? Can anyone from the GPGME team 
verify this? If so, I'll drop the flags that would indicate that this works in OpenPGP mode.


This is correct.  The offline mode currently works only with gpgsm:

  The offline mode specifies if dirmngr should be used to do additional
  validation that might require connections to external services.
  (e.g. CRL / OCSP checks).
  
  Offline mode only affects the keylist mode
  @code{GPGME_KEYLIST_MODE_VALIDATE} and is only relevant to the CMS
  crypto engine. Offline mode is ignored otherwise.
  
  This option may be extended in the future to completely disable the
  use of dirmngr for any engine.

I think it is time to do this now: https://dev.gnupg.org/T3831


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Die Gedanken sind frei.  Ausnahmen regelt ein Bundesgesetz.

Attachment: pgpkwyAt6TqYc.pgp
Description: PGP signature

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]