Hi Baptiste--

On 03/14/2014 06:58 AM, Baptiste wrote:
> firstly, sorry for my previous mail, you are right, it was broken. This one
> should be better.

i didn't mean to imply it was broken at all. i haven't tested it :)

> Truly, it would be better to implement it directly in notmuch core.

i agree with this.

> Signature verification just present a line with the signature owner and the
> trust chain status (/green/ for good verification, /orange/ for self signed
> only signature). No verification is made today against :From field.

what does "good verification" mean? This seems to imply that there is a trusted root store used. how does the user configure this trust store?

what about non-self-signed and unvalidated certificates? (e.g. certs by unknown issuers, certs by known but untrusted issuers, certs with unknown signature algorithms, certs without proper EKUs for creating S/MIME signatures, etc.)

> (green) [ Good signature by: bateast at bat.fr.eu.org - 08F4ED ]
> (orange) [ Good signature by key: 0x08F4ED self signed for bateast at
> bat.fr.eu.org ]

the use of 08F4ED here is a bit confusing. i see from further below that this refers to the serial number of the cert; but serial numbers are not guaranteed to be unique (they are supposed to be unique across issuers, but most root trust stores (and X.509 chains) can accept certifications from different issuers). what does displaying this information do for the user?

> My opinion is that S/MIME is more and more widely used today, and then
> relying only on gpg for signature or encryption is a bit rough.

I agree that S/MIME support would be nice; i think implementing it in the notmuch core is the way to go.

fwiw, gmime already has a cryptocontext that is supposed to handle S/MIME; it just needs proper integration, similar to the PGP/MIME integration in notmuch core:

https://developer.gnome.org/gmime/stable/GMimePkcs7Context.html

This has been on my plate for, uh, over a year now, but clearly i haven't gotten to it, and would be happy if someone else wanted to pick it up.

--dkg
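
The serial-number ambiguity raised in the message above, as an added example that is not part of the original e-mail or of notmuch: two unrelated issuers each sign a certificate for the same address with serial 0x08F4ED, so only the issuer name or the SHA-256 fingerprint tells the two apart. The CA names, the address `user@example.org` and the helper function names are constructed for the demonstration; it assumes the `openssl` command-line tool is installed.

```shell
#!/bin/sh
# Added example with constructed names (CA One/Two, user@example.org).
# Two unrelated issuers each certify the same address under serial 0x08F4ED.
set -e

make_ca() {      # $1 = file prefix, $2 = CA common name
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
        -keyout "$1.key" -out "$1.crt" 2>/dev/null
}

issue_leaf() {   # $1 = CA file prefix, $2 = leaf file prefix
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=user@example.org" \
        -keyout "$2.key" -out "$2.csr" 2>/dev/null
    openssl x509 -req -in "$2.csr" -CA "$1.crt" -CAkey "$1.key" \
        -set_serial 0x08F4ED -days 1 -out "$2.crt" 2>/dev/null
}

serial_of()      { openssl x509 -in "$1" -noout -serial | cut -d= -f2; }
issuer_of()      { openssl x509 -in "$1" -noout -issuer | cut -d= -f2-; }
fingerprint_of() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

build_demo() {   # $1 = empty working directory
    make_ca "$1/ca1" "Constructed CA One"
    make_ca "$1/ca2" "Constructed CA Two"
    issue_leaf "$1/ca1" "$1/leaf1"
    issue_leaf "$1/ca2" "$1/leaf2"
}

dir=$(mktemp -d)
trap 'rm -rf "$dir"' EXIT
build_demo "$dir"
for c in "$dir/leaf1.crt" "$dir/leaf2.crt"; do
    # Same serial on both lines; only issuer and fingerprint tell them apart.
    printf 'serial=%s issuer=[%s] sha256=%s\n' \
        "$(serial_of "$c")" "$(issuer_of "$c")" "$(fingerprint_of "$c")"
done
```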