docs/master

changeset 157:0cce17978f0a

Wrote about signing and encrypting. Not finished yet.
author markus schnalke <meillo@marmaro.de>
date Sat, 07 Jul 2012 18:41:47 +0200
parents db199d51d5b0
children a6dc418ab0a4
files discussion.roff
diffstat 1 files changed, 108 insertions(+), 2 deletions(-) [+]
line diff
     1.1 --- a/discussion.roff	Sat Jul 07 14:41:35 2012 +0200
     1.2 +++ b/discussion.roff	Sat Jul 07 18:41:47 2012 +0200
     1.3 @@ -2301,9 +2301,115 @@
     1.4  
     1.5  .H2 "Digital Cryptography
     1.6  .P
     1.7 -Signing and encryption.
     1.8 +Nmh offers no direct support for digital cryptography,
     1.9 +i.e. digital signatures and message encryption.
    1.10 +This functionality needed to be added through third-party software.
    1.11 +In mmh, the functionality should be included because digital
    1.12 +cryptography is a part of modern email and likely used by users of mmh.
    1.13 +A fresh mmh installation should support signing and encrypting
    1.14 +out-of-the-box.
    1.15 +Therefore, Neil Rickert's
    1.16 +.Pn mhsign
    1.17 +and
    1.18 +.Pn mhpgp
    1.19 +scripts
    1.20 +.[
    1.21 +neil rickert mhsign mhpgp
    1.22 +.]
    1.23 +were included into mmh.
    1.24 +The scripts fit well into the mmh, because they are lightweight and
    1.25 +of style similar to the existing tools.
    1.26 +Additionally, no licensing difficulties appeared,
    1.27 +as they are part of the public domain.
    1.28  .P
    1.29 -FIXME
    1.30 +The scripts were written for nmh, hence I needed to adjust them according
    1.31 +to the differences of mmh.
    1.32 +For instance, I removed the use of the backup prefix and dropped support
    1.33 +for old PGP features.
    1.34 +.P
    1.35 +.Pn mhsign
    1.36 +handles the signing and encrypting part.
    1.37 +It comprises about 250 lines of shell code and interfaces between
    1.38 +.Pn gnupg
    1.39 +and
    1.40 +the MH system.
    1.41 +It was meant to be invoked at the WhatNow prompt, but in mmh,
    1.42 +.Pn send
    1.43 +does the job automatically.
    1.44 +Special header fields were introduced to request the action.
    1.45 +If a draft contains the
    1.46 +.Hd Sign
    1.47 +header field,
    1.48 +.Pn send
    1.49 +will sign it.
    1.50 +The key to be used is either chosen automatically or specified by the
    1.51 +.Pe Pgpkey
    1.52 +profile entry.
    1.53 +.Pn send
    1.54 +always signes messages using the PGP/MIME standard, \" REF XXX
    1.55 +but by manually invoking
    1.56 +.Pn mhsign ,
    1.57 +old-style non-MIME signatures can be created as well.
    1.58 +To sign an outgoing message, the draft needs to contain a
    1.59 +.Hd Enc
    1.60 +header field.
    1.61 +Public keys of all recipients are taken from the gnupg keyring or
    1.62 +from an overrides files, called
    1.63 +.Fn pgpkeys .
    1.64 +Unless public keys are found for all recipients,
    1.65 +.Pn send
    1.66 +will refuse to encrypt and send it.
    1.67 +Currently, messages with hidden (BCC) recipients can not be encrypted.
    1.68 +This corner-case requires a more complex solution.
    1.69 +Covering it is left to do.
    1.70 +.P
    1.71 +The integrated message signing and encrypting support is one of the
    1.72 +most recent features in mmh.
    1.73 +Feedback from users and the experience I will gather myself
    1.74 +will direct the further development of the facility.
    1.75 +It is worthwhile to consider adding
    1.76 +.Sw -[no]sign
    1.77 +and
    1.78 +.Sw -[no]enc
    1.79 +switches to
    1.80 +.Pn send ,
    1.81 +to override the corresponding header fields.
    1.82 +The profile entry:
    1.83 +.VS
    1.84 +send: -sign
    1.85 +VE
    1.86 +.LP
    1.87 +would then activate signing of all outgoing messages.
    1.88 +With the present approach, the line
    1.89 +.VS
    1.90 +Send:
    1.91 +VE
    1.92 +.LP
    1.93 +needs to be added to all message forms to achieve the same result.
    1.94 +Yet, the integration of
    1.95 +.Pn mhsign
    1.96 +into mmh is too recent to have enough experience to decide this
    1.97 +question now.
    1.98 +.P
    1.99 +.Pn mhpgp
   1.100 +is the contrary part to
   1.101 +.Pn mhsign .
   1.102 +It verifies signatures and decrypts messages.
   1.103 +.P
   1.104 +FIXME: Add it to mmh first, then write about it here.
   1.105 +.P
   1.106 +The integration of
   1.107 +.Pn mhpgp
   1.108 +into
   1.109 +.Pn show ,
   1.110 +to automatically verify signatures and decrypt messages as needed,
   1.111 +is a task left open.
   1.112 +.Pn show 's
   1.113 +current structure does not allow such an integration on basis of
   1.114 +the existing code.
   1.115 +Extensive programming work is required. ...  FIXME
   1.116 +
   1.117 +
   1.118  
   1.119  
   1.120