[gmime-devel] avoiding metadata leaks when handling S/MIME-signed mail in GMime and other tools that use GnuPG
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Mon May 21 21:23:15 CEST 2018
On Sat 2018-05-19 14:42:54 -0400, Jeffrey Stedfast wrote:
> I kinda dropped the ball on this a while back but due to the recent
> Efail news, I resurrected my patch and have now committed it:
> There is now a GMIME_VERIFY_DISABLE_ONLINE_CERTIFICATE_CHECKS flag that
> sets gpgsm into offline mode.
> Question: Should this behavior be the default? I.e. should I invert the
> logic for DISABLE_ONLINE_CERTIFICATE_CHECKS into
> I'm wondering if perhaps that might be more prudent.
> Unfortunately, I think that means it opens the client up to other
> potential risks such as letting revoked certificates go undiscovered.
I lean toward the default being no metadata leakage.
I agree that there is a risk about revoked certificates going
undetected, but that's something that the certificate scheme needs to
deal with separately, i think, and it's not appropriate to deal with it
at message investigation time.
thanks for working on this, Jeff.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 227 bytes
Desc: not available
More information about the Gnupg-devel