Hi there, I plan to refactor the code used for GnuPG in the Message mode of Emacs (Gnus) and started a discussion on the Gnus devel mailing list ding. An open issue is the use of OpenSSL for S/MIME in Emacs, which might be removed in the future. So if you use S/MIME via OpenSSL, please let me know why.
I recommend that you use gpgsm instead of openssl for S/MIME as: ** Gpgsm manages certificates (storage, expiry, revocation). Users need to perform those tasks manually with openssl. ** Openssl has bugs as documented in the BUGS section of man smime(1). In particular: SMIMECapabilities are ignored, no revocation checking is done on the signer's certificate. ** Advertised SMIMECapabilities include broken encryption algorithms. With the precompiled openssl 1.0.1f on my system RC2 is advertised, which should have been dropped since S/MIME 3.x, see: https://tools.ietf.org/html/rfc5751#appendix-B Currently, openssl is preferred over epg (gpgsm), via (defcustom mml-smime-use (if (featurep 'epg) 'epg 'openssl)) in mml-smime.el. However, epg does not get loaded on its own even if it is present. Thus, users need to set mml-smime-use or require epg in their ~/.emacs, but the manual does not mention gpgsm at all. I plan to change this to prefer epg by default (and to document and recommend gpgsm). What’s your opinion? Best wishes Jens P.S. I’d like to clarify that I recommend OpenPGP, not S/MIME. Still, S/MIME is better than plaintext. _______________________________________________ info-gnus-english mailing list info-gnus-english@gnu.org https://lists.gnu.org/mailman/listinfo/info-gnus-english
