[gmime-devel] avoiding metadata leaks when handling S/MIME-signed mail in GMime and other tools that use GnuPG

Werner Koch wk at gnupg.org
Thu Mar 8 13:28:32 CET 2018


On Sat,  3 Feb 2018 19:48, gnupg-devel at gnupg.org said:

> it suggests that setting offline mode only works for CMS and not OpenPGP? Can anyone from the GPGME team verify this? If so, I'll drop the flags that would indicate that this works in OpenPGP mode.

This is correct.  The offline mode currently works only with gpgsm:

  The offline mode specifies if dirmngr should be used to do additional
  validation that might require connections to external services.
  (e.g. CRL / OCSP checks).
  
  Offline mode only affects the keylist mode
  @code{GPGME_KEYLIST_MODE_VALIDATE} and is only relevant to the CMS
  crypto engine. Offline mode is ignored otherwise.
  
  This option may be extended in the future to completely disable the
  use of dirmngr for any engine.

I think it is time to do this now: https://dev.gnupg.org/T3831


Salam-Shalom,

   Werner

-- 
#  Please read:  Daniel Ellsberg - The Doomsday Machine  #
Thoughts are free.  Exceptions are regulated by a federal law.