On Sat 2018-05-19 14:42:54 -0400, Jeffrey Stedfast wrote:
> I kinda dropped the ball on this a while back but due to the recent Efail news, I resurrected my patch and have now committed it:
>
> https://github.com/jstedfast/gmime/commit/57d16f7ca9ff76e2c46c518db43b6822a2ea075a
>
> There is now a GMIME_VERIFY_DISABLE_ONLINE_CERTIFICATE_CHECKS flag that sets gpgsm into offline mode.
>
> Question: Should this behavior be the default? I.e. should I invert the logic for DISABLE_ONLINE_CERTIFICATE_CHECKS into *ENABLE*_ONLINE_CERTIFICATE_CHECKS? I'm wondering if perhaps that might be more prudent. Unfortunately, I think that means it opens the client up to other potential risks such as letting revoked certificates go undiscovered.
I lean toward the default being no metadata leakage. I agree that there is a risk about revoked certificates going undetected, but that's something that the certificate scheme needs to deal with separately, I think, and it's not appropriate to deal with it at message investigation time.

Thanks for working on this, Jeff.

--dkg