Re: Option to disable S/MIME signature check?
I asked on gnupg-users. Adding "disable-dirmngr" to gpgsm.conf disbles the use of the Dirmngr and thus expensive online checks that can take a long time to timeout. This is a viable workaround. I still believe it would be great to have an option in Mutt not to use GPGME for S/MIME in the first place. But it's not urgent any more. Kevin J. McCarthy: Also, is there a way to shorten the time that SMIME signature verification needs before timing out? 25 seconds sounds much too long to me. I don't know what it's doing that takes so long to time out, and have no idea how to adjust that. Maybe others who use s/mime with GPGME have ideas. -- ilf If you upload your address book to "the cloud", I don't want to be in it.
Re: Option to disable S/MIME signature check?
Done, thanks: https://gitlab.com/muttmua/mutt/-/issues/450 Kevin J. McCarthy: Yes, please go ahead. I don't have a current timeline for starting master development again, but when I do, it will be good to have the request there. -- ilf If you upload your address book to "the cloud", I don't want to be in it.
Re: Option to disable S/MIME signature check?
On Mon, Jul 31, 2023 at 08:43:22PM +0200, ilf wrote: Do you think I should file a feature request for this in the tracker? Yes, please go ahead. I don't have a current timeline for starting master development again, but when I do, it will be good to have the request there. Thank you. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA signature.asc Description: PGP signature
Re: Option to disable S/MIME signature check?
Do you think I should file a feature request for this in the tracker? Kevin J. McCarthy: There seem to be quite a few users with this issue. Do you think a boolean option like "crypt_verify_smime" that explicitly works even with GPGME would be feasible? From a user POV, it sure sounds logical and useful. Yes, that may be possible although it might be better to then deprecate $crypt_verify_sig and just have the separate pgp and smime config vars (which should be quadoptions). It certainly wouldn't go in a stable release. -- ilf If you upload your address book to "the cloud", I don't want to be in it.
Re: Option to disable S/MIME signature check?
On Sat, Jul 29, 2023 at 02:48:56PM +0200, ilf wrote: I have also never used "spam" before. I wonder if this feature is really correct for my use-case, which has nothing to do with spam. It might do the job, but it doesn't feel clean. It _is_ a "creative" use of the spam command. I think if you read about the command you may agree there isn't anything particularly wrong with using it for this purpose. It just allows labeling messages in a way that is efficient to search against. There seem to be quite a few users with this issue. Do you think a boolean option like "crypt_verify_smime" that explicitly works even with GPGME would be feasible? From a user POV, it sure sounds logical and useful. Yes, that may be possible although it might be better to then deprecate $crypt_verify_sig and just have the separate pgp and smime config vars (which should be quadoptions). It certainly wouldn't go in a stable release. Also, is there a way to shorten the time that SMIME signature verification needs before timing out? 25 seconds sounds much too long to me. I don't know what it's doing that takes so long to time out, and have no idea how to adjust that. Maybe others who use s/mime with GPGME have ideas. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA signature.asc Description: PGP signature
Re: Option to disable S/MIME signature check?
I have never used "message-hook" before. That looks like a workable workaround. I have also never used "spam" before. I wonder if this feature is really correct for my use-case, which has nothing to do with spam. It might do the job, but it doesn't feel clean. There seem to be quite a few users with this issue. Do you think a boolean option like "crypt_verify_smime" that explicitly works even with GPGME would be feasible? From a user POV, it sure sounds logical and useful. Also, is there a way to shorten the time that SMIME signature verification needs before timing out? 25 seconds sounds much too long to me. Thanks a lot! Kevin J. McCarthy: So: How can I disable the S/MIME signature check while still using GPGME for OpenPGP? The option $crypt_verify_sig is shared between PGP and S/MIME, so you'll have to be creative if you are using GPGME. Maybe something like: spam content-type:.*pkcs7 smime message-hook ~A 'set crypt_verify_sig=yes' message-hook '~H smime' 'set crypt_verify_sig=no' # or '=ask-no' -- ilf If you upload your address book to "the cloud", I don't want to be in it.
Re: Option to disable S/MIME signature check?
On Wed, Jul 26, 2023 at 09:37:34AM +0800, Kevin J. McCarthy wrote: spam content-type:.*pkcs7 smime Sorry, it's a good idea to root the regexp above: spam ^content-type:.*pkcs7 smime -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA signature.asc Description: PGP signature
Re: Option to disable S/MIME signature check?
On Tue, Jul 25, 2023 at 12:32:40PM +0200, ilf wrote: I do use OpenPGP. So disabling "crypt_use_gpgme" is not an option for me, same for changing "crypt_verify_sig". In the old thread from 2018, Kevin J. McCarthy proposed this: However, you could try set smime_verify_command="" (along with smime_verify_opaque_command and smime_decrypt_command). But this does not work. According to muttrc(5) the default value for these three options is already "", and I am not setting them anywhere. That option only works when $crypt_use_gpgme is unset. So: How can I disable the S/MIME signature check while still using GPGME for OpenPGP? The option $crypt_verify_sig is shared between PGP and S/MIME, so you'll have to be creative if you are using GPGME. Maybe something like: spam content-type:.*pkcs7 smime message-hook ~A 'set crypt_verify_sig=yes' message-hook '~H smime' 'set crypt_verify_sig=no' # or '=ask-no' -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA signature.asc Description: PGP signature
Re: Option to disable S/MIME signature check?
Hi I would also like to disable the S/MIME signature check. I have no use for it. And "Invoking S/MIME..." takes 25 seconds before failing with "S/MIME signature could NOT be verified." I do use OpenPGP. So disabling "crypt_use_gpgme" is not an option for me, same for changing "crypt_verify_sig". In the old thread from 2018, Kevin J. McCarthy proposed this: However, you could try set smime_verify_command="" (along with smime_verify_opaque_command and smime_decrypt_command). But this does not work. According to muttrc(5) the default value for these three options is already "", and I am not setting them anywhere. So: How can I disable the S/MIME signature check while still using GPGME for OpenPGP? Thanks W. Martin Borgert wrote 2018-05-15: once in a while I get emails with S/MIME signatures. This is on public mailing lists, where I seldomly care about signatures, and I open the email only to read one or two lines to be sure I can actually press 'd' :~) Mutt says "Invoking S/MIME..." which takes too long for my taste (some seconds just to open one email which I will delete anyway) and then usually: "S/MIME signature could NOT be verified." I would like to disable this signature check altogether, because all my real contacts use either PGP or no signature at all. Is there an option in mutt to do this? Hopefully a run time option, not a compile time option... -- ilf If you upload your address book to "the cloud", I don't want to be in it.
Re: Option to disable S/MIME signature check?
On Tue, May 15, 2018 at 03:27:15PM -0400, Todd Zullinger wrote: > Kevin J. McCarthy wrote: > > On Tue, May 15, 2018 at 09:40:38AM +0200, W. Martin Borgert wrote: > >> Is there an option in mutt to do this? Hopefully a run time > >> option, not a compile time option... > > > > The compile-time configuration is the cleanest way to turn it off. > > However, you could try set smime_verify_command="" (along with > > smime_verify_opaque_command and smime_decrypt_command). > > Out of curiosity, is it correct that --disable-smime only > applies when building without gpgme? It looks like with > --enable-gpgme, smime will be available via gpgme? Yes, if you turn on gpgme it will be available through that. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA signature.asc Description: PGP signature
Re: Option to disable S/MIME signature check?
On 2018-05-15 09:06, Kevin J. McCarthy wrote: > However, you could try set smime_verify_command="" (along with > smime_verify_opaque_command and smime_decrypt_command). Thanks, but unfortunately, this did not help. I found that set crypt_use_gpgme=no helps however (source: https://bugs.debian.org/838361).
Re: Option to disable S/MIME signature check?
Kevin J. McCarthy wrote: > On Tue, May 15, 2018 at 09:40:38AM +0200, W. Martin Borgert wrote: >> Is there an option in mutt to do this? Hopefully a run time >> option, not a compile time option... > > The compile-time configuration is the cleanest way to turn it off. > However, you could try set smime_verify_command="" (along with > smime_verify_opaque_command and smime_decrypt_command). Out of curiosity, is it correct that --disable-smime only applies when building without gpgme? It looks like with --enable-gpgme, smime will be available via gpgme? Thanks, -- Todd ~~ A common mistake people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools. -- Douglas Adams signature.asc Description: PGP signature
Re: Option to disable S/MIME signature check?
On Tue, May 15, 2018 at 09:40:38AM +0200, W. Martin Borgert wrote: > Is there an option in mutt to do this? Hopefully a run time > option, not a compile time option... The compile-time configuration is the cleanest way to turn it off. However, you could try set smime_verify_command="" (along with smime_verify_opaque_command and smime_decrypt_command). Alternatively, you could set crypt_verify_sig=ask-yes, but that affects both PGP and S/MIME. -- Kevin J. McCarthy GPG Fingerprint: 8975 A9B3 3AA3 7910 385C 5308 ADEF 7684 8031 6BDA signature.asc Description: PGP signature