AW: AW: AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Fiedler Roman
> From: Daniel Kahn Gillmor [mailto:d...@fifthhorseman.net] > > On Thu 2018-05-17 15:37:55 +, Fiedler Roman wrote: > > From: Daniel Kahn Gillmor [mailto:d...@fifthhorseman.net] > > > >> See sources.list(5) and > >> https://wiki.debian.org/DebianRepository/UseThirdParty for more details. > >> >

Re: Breaking MIME concatenation

2018-05-17 Thread Mirimir
On 05/16/2018 08:59 PM, Werner Koch wrote: > On Thu, 17 May 2018 01:39, miri...@riseup.net said: > >> However, I get that many users expect HTML, embedded images and links. > > Well they expect a bit of markup like *bold* or _underlined_ or > /italics/ and links like https://gnupg.org but any

Re: Breaking MIME concatenation

2018-05-17 Thread Robert J. Hansen
given that the OS package verification use case is relevant for millions of server installations, i'm not convinced that Linux on the Desktop is really what rjh was referring to. --dkg dkg got it in one. Especially with the advent of cloud computing and one-click deployments of whole

Re: AW: AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Daniel Kahn Gillmor
On Thu 2018-05-17 15:37:55 +, Fiedler Roman wrote: > From: Daniel Kahn Gillmor [mailto:d...@fifthhorseman.net] > >> See sources.list(5) and >> https://wiki.debian.org/DebianRepository/UseThirdParty for more details. >> >> See also https://bugs.debian.org/877012 for suggestions about >>

Re: Breaking MIME concatenation

2018-05-17 Thread Daniel Kahn Gillmor
On Thu 2018-05-17 10:01:37 +0200, Werner Koch wrote: > On Thu, 17 May 2018 01:48, r...@sixdemonbag.org said: > >> While y'all are having this discussion, remember that GnuPG's 95% use >> case is verifying Linux packages, and that number isn't expected to >> change a whole lot. > > I am pretty sure

Re: AW: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 13:11, roman.fied...@ait.ac.at said: > How could that work together with the memory based "wipe" approach, you > envisioned in your message > https://lists.gnupg.org/pipermail/gnupg-users/2018-May/060379.html , last > paragraph? That is a different layer. Basically a part

Re: [GPGME] Repeated decrypt fails

2018-05-17 Thread Randy Trinh
On Thu, May 17, 2018 at 11:35 AM, Ben McGinnes wrote: > > > Does the website encrypt the file uploaded by (eventually) some end > > user or do they encrypt the file first and then upload that which your > > code subsequently decrypts? The file is encrypted first by the user

Re: [GPGME] Repeated decrypt fails

2018-05-17 Thread Ben McGinnes
On Wed, May 16, 2018 at 10:54:52AM -0400, Randy Trinh wrote: > Hi everyone, > > I'm fairly new to GnuPG and GPGME in general and I'm currently Firstly, kudos for going straight to GPGME instead of wrapping the GPG binary.  > trying to implement a process in which a file is uploaded from a >

AW: AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Fiedler Roman
> From: Daniel Kahn Gillmor [mailto:d...@fifthhorseman.net] > > On Thu 2018-05-17 08:45:18 +, Fiedler Roman wrote: > > As gnupg starts getting more and more problematic regarding some > > functions (see the discussions on command line/unattended use), Ubuntu > > Bionic AND Debian Buster

Re: AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Daniel Kahn Gillmor
On Thu 2018-05-17 08:45:18 +, Fiedler Roman wrote: > As gnupg starts getting more and more problematic regarding some > functions (see the discussions on command line/unattended use), Ubuntu > Bionic AND Debian Buster dropped it from their debootstrap I don't know about Ubuntu Bionic, but for

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Lukas Pitschl | GPGTools
> On 17.05.2018 at 13:03, Werner Koch wrote: > > The important print is that MDC_METHOD will be 0 with the forthcoming > AEAD algorithm. Thus you need to check whether 3rd argument is there. > > mdc_method = atoi(arg_1) > aead_algo = have_3_args? atoi(arg_3) : 0 >

AW: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On 17 May 2018, at 11:50, Patrick Brunschwig > wrote: > > > >> On 17.05.18 10:07, Werner Koch wrote: > >> On Thu, 17 May 2018 08:59, patr...@enigmail.net said: > >> > >>> Within 12 hours after the

AW: Users GnuPG aims for?

2018-05-17 Thread Fiedler Roman
Just a foreword: sorry for not acknowledging all the good proposals you make - many of them I can fully second - and all the good changes you apply, I really appreciate them. I just do not reply to all of them ... > From: Werner Koch [mailto:w...@gnupg.org] > > On Thu, 17 May 2018 10:45,

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Andrew Gallagher
> On 17 May 2018, at 11:50, Patrick Brunschwig wrote: > >> On 17.05.18 10:07, Werner Koch wrote: >> On Thu, 17 May 2018 08:59, patr...@enigmail.net said: >> >>> Within 12 hours after the release I got 5 bug reports/support requests >> >> Kudos to Enigmail for acting as

AW: Users GnuPG aims for?

2018-05-17 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On Thursday 17 May 2018 10:45:18, Fiedler Roman wrote: > > As gnupg starts getting more and more problematic regarding some > functions > > (see the discussions on command line/unattended use) > > Can you give me

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 11:21, luk...@gpgtools.org said: > Is there any particular reason why these have not been added to > doc/DETAILS? They don't make much sense. I can't remember why I added them. > If we check for DECRYPTION_INFO 0 X (0 being NO MDC) and the > BADMDC status line (in addition

AW: AW: AW: AW: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Fiedler Roman
> From: Werner Koch [mailto:w...@gnupg.org] > > On Wed, 16 May 2018 16:24, roman.fied...@ait.ac.at said: > > > In my opinion it is hard to find such a "one size fits all" > > solution. Like Werner's example: disabling decryption streaming > > The goal of the MDC is to assure that the message has

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:45, roman.fied...@ait.ac.at said: > encryption/decryption gateways. In my opinion gnupg development has a > strong motion towards client-only use-cases, thus I started like Huh? Didn't you notice all the new features we implemented to make the scripting of key management

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Patrick Brunschwig
On 17.05.18 10:07, Werner Koch wrote: > On Thu, 17 May 2018 08:59, patr...@enigmail.net said: > >> Within 12 hours after the release I got 5 bug reports/support requests > > Kudos to Enigmail for acting as our guinea pig. I implemented the same > thing in GPGME this morning (see my mail to

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 11:20, andr...@andrewg.com said: > More seriously though, properly marked-up text is demonstrably easier to > read. That's why people submit academic papers in Latex instead of Right. But there is nothing which inhibits a MUA to render a mail in a more appropriate way. But

Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Philipp Gesang
-<| Quoting Andrew Gallagher , on Thursday, 2018-05-17 09:24:54 AM |>- > On 17/05/18 09:11, Bernhard Reiter wrote: > > I agree that technically HTML (with its extensions) is a bad format to serve > > this need. Similar to PDF. One RTF was an approach Nextstep's mail took > >

Re: Breaking MIME concatenation

2018-05-17 Thread Andrew Gallagher
On 17/05/18 00:39, Mirimir wrote: > So the best solution would be a tweak to GnuPG that breaks HTML and > embedded remote content. I know I did suggest this earlier as a thought experiment, but MIME issues are obviously better implemented in the mail client itself, or in extremis in the secure

Re: Breaking MIME concatenation

2018-05-17 Thread raf
Mirimir wrote: > So the best solution would be a tweak to GnuPG that breaks HTML and > embedded remote content. That would protect against Efail, no matter how > email clients were configured. It'd also protect against other exploits > that depend on fetching remote content. And it wouldn't

Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Shawn K. Quinn
On 05/17/2018 03:24 AM, Andrew Gallagher wrote: > On 17/05/18 09:11, Bernhard Reiter wrote: >> I agree that technically HTML (with its extensions) is a bad format to serve >> this need. Similar to PDF. One RTF was an approach Nextstep's mail took >> and that got some adoption, but not enough.

Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Andrew Gallagher
On 17/05/18 09:33, Werner Koch wrote: > and remember that mail is serious work and not for amusement. I think you're screaming into the wind there... ;-) More seriously though, properly marked-up text is demonstrably easier to read. That's why people submit academic papers in Latex instead of

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Lukas Pitschl | GPGTools
> On 17.05.2018 at 10:07, Werner Koch wrote: > > On Thu, 17 May 2018 08:59, patr...@enigmail.net said: > >> Within 12 hours after the release I got 5 bug reports/support requests > > Kudos to Enigmail for acting as our guinea pig. I implemented the same > thing in GPGME this

Re: Users GnuPG aims for?

2018-05-17 Thread Bernhard Reiter
On Thursday 17 May 2018 10:45:18, Fiedler Roman wrote: > As gnupg starts getting more and more problematic regarding some functions > (see the discussions on command line/unattended use) Can you give me pointers here? Even unattended use needs proper care of passphrases (best is to leave them

AW: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Fiedler Roman
> From: Gnupg-users [mailto:gnupg-users-boun...@gnupg.org] On behalf of > > On Wednesday 16 May 2018 15:46:05, Martin wrote: > > I think a fundamental discussion is necessary with the question: Who > > should / will use GnuPG in the future? > > Note that during one contract in 2016 we came up

Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:24, andr...@andrewg.com said: > Content-type: text/markdown ;-) Content-type: text/org-mode But we need to disable Babel processing. So better stick with Content-type: text/plain and remember that mail is serious work and not for amusement. Salam-Shalom, Werner

Re: Users GnuPG aims for?

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 10:11, bernh...@intevation.de said: > The technical and organisational difficulty is how to control backchannels It is not a technical or organizational problem but a question on how to keep the marketing departments at bay. The need to avoid oracles is an old and standard

Re: Breaking MIME concatenation

2018-05-17 Thread Patrick Brunschwig
On 16.05.18 21:50, Lukas Pitschl | GPGTools wrote: > >> On 16.05.2018 at 06:21, Patrick Brunschwig wrote: >> >> Content-Type: mutlipart/mixed; boundary="WRAPPER" >> Content-Description: Efail protection wrapper >> >> --WRAPPER >> Content-Type: text/html >> >> >> >> >>

Re: Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Andrew Gallagher
On 17/05/18 09:11, Bernhard Reiter wrote: > I agree that technically HTML (with its extensions) is a bad format to serve > this need. Similar to PDF. One RTF was an approach Nextstep's mail took > and that got some adoption, but not enough. Today it would be some very simple > wiki markup

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Andrew Gallagher
On 17/05/18 07:59, Patrick Brunschwig wrote: > Within 12 hours after the release I got 5 bug reports/support requests > from users who can't read their (old?) mails anymore. And the day in > Europe has only just begun -- many users did not yet upgrade ... Are we confident so far that this is

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 08:59, patr...@enigmail.net said: > Within 12 hours after the release I got 5 bug reports/support requests Kudos to Enigmail for acting as our guinea pig. I implemented the same thing in GPGME this morning (see my mail to enigmail users). What shall we do now? Provide a

Re: Breaking MIME concatenation

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 01:48, r...@sixdemonbag.org said: > While y'all are having this discussion, remember that GnuPG's 95% use > case is verifying Linux packages, and that number isn't expected to > change a whole lot. I am pretty sure that there are more Windows GPG users than users who run

Users GnuPG aims for? (Re: Breaking MIME concatenation)

2018-05-17 Thread Bernhard Reiter
On Wednesday 16 May 2018 15:46:05, Martin wrote: > I think a fundamental discussion is necessary with the question: Who > should / will use GnuPG in the future? Note that during one contract in 2016 we came up with some thoughts in where GnuPG could be heading:

Re: Breaking MIME concatenation

2018-05-17 Thread Werner Koch
On Thu, 17 May 2018 01:39, miri...@riseup.net said: > However, I get that many users expect HTML, embedded images and links. Well they expect a bit of markup like *bold* or _underlined_ or /italics/ and links like https://gnupg.org but any decent MUA already supports this for plain text mails.

Re: Efail or OpenPGP is safer than S/MIME

2018-05-17 Thread Patrick Brunschwig
On 15.05.18 11:14, Andrew Gallagher wrote: > On 14/05/18 14:44, Andrew Gallagher wrote: >> I would humbly suggest that we stop worrying about which side of the >> GPG/MUA fence the ball is on, and fix it on *both* sides. > > I have just opened tickets in both GnuPG and Enigmail for the respective