[gmime-devel] avoiding metadata leaks when handling S/MIME-signed mail in GMime and other tools that use GnuPG
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon May 21 21:23:15 CEST 2018
On Sat 2018-05-19 14:42:54 -0400, Jeffrey Stedfast wrote:
> I kinda dropped the ball on this a while back but due to the recent
> Efail news, I resurrected my patch and have now committed it:
>
> https://github.com/jstedfast/gmime/commit/57d16f7ca9ff76e2c46c518db43b6822a2ea075a
>
> There is now a GMIME_VERIFY_DISABLE_ONLINE_CERTIFICATE_CHECKS flag that
> sets gpgsm into offline mode.
>
> Question: Should this behavior be the default? I.e. should I invert the
> logic for DISABLE_ONLINE_CERTIFICATE_CHECKS into
> *ENABLE*_ONLINE_CERTIFICATE_CHECKS?
>
> I'm wondering if perhaps that might be more prudent.
>
> Unfortunately, I think that means it opens the client up to other
> potential risks such as letting revoked certificates go undiscovered.
I lean toward the default being no metadata leakage.
I agree that there is a risk about revoked certificates going
undetected, but that's something that the certificate scheme needs to
deal with separately, i think, and it's not appropriate to deal with it
at message investigation time.
thanks for working on this, Jeff.
--dkg
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20180521/a828effb/attachment-0001.sig>
More information about the Gnupg-devel
mailing list