From: yamaoka Date: Thu, 10 Jul 2003 22:38:19 +0000 (+0000) Subject: Synch to Gnus 200307101527. X-Git-Url: http://git.chise.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1b7ee566778d86dde7a49bf023f8458e29927c59;p=elisp%2Fgnus.git- Synch to Gnus 200307101527. --- diff --git a/lisp/ChangeLog b/lisp/ChangeLog index 9544017..d4ac5eb 100644 --- a/lisp/ChangeLog +++ b/lisp/ChangeLog @@ -1,3 +1,8 @@ +2003-07-10 Simon Josefsson + + * mml-sec.el (mml-signencrypt-style-alist): Use "combined" by + default. Improve docstring. + 2003-07-10 Kai Gro,A_(Bjohann * imap.el (imap-arrival-filter): Fix test for missing process diff --git a/lisp/mml-sec.el b/lisp/mml-sec.el index c18cf2f..4a9e6e3 100644 --- a/lisp/mml-sec.el +++ b/lisp/mml-sec.el @@ -54,18 +54,21 @@ "Default encryption method.") (defcustom mml-signencrypt-style-alist - '(("smime" separate) - ("pgp" separate) - ("pgpauto" separate) - ("pgpmime" separate)) + '(("smime" combined) + ("pgp" combined) + ("pgpauto" combined) + ("pgpmime" combined)) "Alist specifying if `signencrypt' results in two separate operations or not. The first entry indicates the MML security type, valid entries include the strings \"smime\", \"pgp\", and \"pgpmime\". The second entry is a symbol `separate' or `combined' where `separate' means that MML signs and encrypt messages in a two step process, and `combined' means that MML signs and encrypt the message in one step. -Note that the `combined' mode is NOT supported by all OpenPGP implementations, -in particular PGP version 2 does not support it!" + +Note that the output generated by using a `combined' mode is NOT +understood by all PGP implementations, in particular PGP version +2 does not support it! See Info node `(message)Security' for +details." :type '(repeat (list (choice (const :tag "S/MIME" "smime") (const :tag "PGP" "pgp") (const :tag "PGP/MIME" "pgpmime") diff --git a/texi/ChangeLog b/texi/ChangeLog index 02acd5e..9dbc71b 100644 --- a/texi/ChangeLog +++ b/texi/ChangeLog 
@@ -1,3 +1,8 @@ +2003-07-10 Simon Josefsson + + * message.texi (Security): Discuss the PGP 2.x compatibility + problem. + 2003-06-24 Jesper Harder * sieve.texi (Sieve Mode): Formatting fix. diff --git a/texi/message-ja.texi b/texi/message-ja.texi index 0c5e15a..3f5c129 100644 --- a/texi/message-ja.texi +++ b/texi/message-ja.texi @@ -958,28 +958,6 @@ a multipart tag will be used; if no other parts are present in your message a single part tag will be used. This way, message mode will do the Right Thing (TM) with signed/encrypted multipart messages. -@vindex mml-signencrypt-style-alist -By default, when encrypting a message, Gnus will use the -``signencrypt'' mode. If you would like to disable this for a -particular message, give the @code{mml-secure-message-encrypt-*} -command a prefix argument. (for example, @kbd{C-u C-c C-m c p}). -Additionally, by default Gnus will separately sign, then encrypt a -message which has the mode signencrypt. If you would like to change -this behavior you can customize the @code{mml-signencrypt-style-alist} -variable. For example: - - -@lisp -(setq mml-signencrypt-style-alist '(("smime" combined) - ("pgp" combined) - ("pgpmime" combined))) -@end lisp - -Will cause Gnus to sign and encrypt in one pass, thus generating a -single signed and encrypted part. Note that combined sign and encrypt -does not work with all supported OpenPGP implementations (in -particular, @acronym{PGP} version 2 do not support this). - Since signing and especially encryption often is used when sensitive information is sent, you may want to have some way to ensure that your mail is actually signed or encrypted. After invoking the above 
@@ -993,6 +971,12 @@ party the other night, actually will be sent encrypted. RFC822 headers. They only operate on the @acronym{MIME} object. Keep this in mind before sending mail with a sensitive Subject line. +By default, when encrypting a message, Gnus will use the +``signencrypt'' mode, which means the message is both signed and +encrypted. If you would like to disable this for a particular +message, give the @code{mml-secure-message-encrypt-*} command a prefix +argument, e.g., @kbd{C-u C-c C-m c p}. + Actually using the security commands above is not very difficult. At least not compared with making sure all involved programs talk with each other properly. Thus, we now describe what external libraries or @@ -1062,9 +1046,10 @@ the passphrase prompt. @subsection Using PGP/MIME @acronym{PGP/MIME} requires an external OpenPGP implementation, such -as @uref{http://www.gnupg.org/, GNU Privacy Guard}. One Emacs -interface to OpenPGP implementations, PGG (@pxref{Top, ,PGG, pgg, PGG -Manual}), is included, but Mailcrypt and Florian Weimer's +as @uref{http://www.gnupg.org/, GNU Privacy Guard}. Pre-OpenPGP +implementations such as PGP 2.x and PGP 5.x are also supported. One +Emacs interface to the PGP implementations, PGG (@pxref{Top, ,PGG, +pgg, PGG Manual}), is included, but Mailcrypt and Florian Weimer's @code{gpg.el} are also supported. @vindex gpg-temp-directory 
@@ -1072,8 +1057,36 @@ Note, if you are using the @code{gpg.el} you must make sure that the directory specified by @code{gpg-temp-directory} have permissions 0700. -Creating your own OpenPGP key is described in detail in the -documentation of your OpenPGP implementation, so we refer to it. +Creating your own key is described in detail in the documentation of +your PGP implementation, so we refer to it. + +If you have imported your old PGP 2.x key into GnuPG, and want to send +signed and encrypted messages to your fellow PGP 2.x users, you'll +discover that the receiver cannot understand what you send. One +solution is to use PGP 2.x instead (i.e., if you use @code{pgg}, set +@code{pgg-default-scheme} to @code{pgp}). If you do want to use +GnuPG, you can use a compatibility script called @code{gpg-2comp} +available from +@url{http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp/}. You +could also convince your fellow PGP 2.x users to convert to GnuPG. +@vindex mml-signencrypt-style-alist +As a final workaround, you can make the sign and encryption work in +two steps; separately sign, then encrypt a message. If you would like +to change this behavior you can customize the +@code{mml-signencrypt-style-alist} variable. For example: + +@lisp +(setq mml-signencrypt-style-alist '(("smime" separate) + ("pgp" separate) + ("pgpauto" separate) + ("pgpmime" separate))) +@end lisp + +This causes to sign and encrypt in two passes, thus generating a +message that can be understood by PGP version 2. + +(Refer to @url{http://www.gnupg.org/gph/en/pgp2x.html} for more +information about the problem.) @end ignore @node Various Commands diff --git a/texi/message.texi b/texi/message.texi index 64f03d4..4cb6fd5 100644 --- a/texi/message.texi +++ b/texi/message.texi 
@@ -941,28 +941,6 @@ a multipart tag will be used; if no other parts are present in your message a single part tag will be used. This way, message mode will do the Right Thing (TM) with signed/encrypted multipart messages. -@vindex mml-signencrypt-style-alist -By default, when encrypting a message, Gnus will use the -``signencrypt'' mode. If you would like to disable this for a -particular message, give the @code{mml-secure-message-encrypt-*} -command a prefix argument. (for example, @kbd{C-u C-c C-m c p}). -Additionally, by default Gnus will separately sign, then encrypt a -message which has the mode signencrypt. If you would like to change -this behavior you can customize the @code{mml-signencrypt-style-alist} -variable. For example: - - -@lisp -(setq mml-signencrypt-style-alist '(("smime" combined) - ("pgp" combined) - ("pgpmime" combined))) -@end lisp - -Will cause Gnus to sign and encrypt in one pass, thus generating a -single signed and encrypted part. Note that combined sign and encrypt -does not work with all supported OpenPGP implementations (in -particular, @acronym{PGP} version 2 do not support this). - Since signing and especially encryption often is used when sensitive information is sent, you may want to have some way to ensure that your mail is actually signed or encrypted. After invoking the above 
@@ -976,6 +954,12 @@ party the other night, actually will be sent encrypted. RFC822 headers. They only operate on the @acronym{MIME} object. Keep this in mind before sending mail with a sensitive Subject line. +By default, when encrypting a message, Gnus will use the +``signencrypt'' mode, which means the message is both signed and +encrypted. If you would like to disable this for a particular +message, give the @code{mml-secure-message-encrypt-*} command a prefix +argument, e.g., @kbd{C-u C-c C-m c p}. + Actually using the security commands above is not very difficult. At least not compared with making sure all involved programs talk with each other properly. Thus, we now describe what external libraries or @@ -1045,9 +1029,10 @@ the passphrase prompt. @subsection Using PGP/MIME @acronym{PGP/MIME} requires an external OpenPGP implementation, such -as @uref{http://www.gnupg.org/, GNU Privacy Guard}. One Emacs -interface to OpenPGP implementations, PGG (@pxref{Top, ,PGG, pgg, PGG -Manual}), is included, but Mailcrypt and Florian Weimer's +as @uref{http://www.gnupg.org/, GNU Privacy Guard}. Pre-OpenPGP +implementations such as PGP 2.x and PGP 5.x are also supported. One +Emacs interface to the PGP implementations, PGG (@pxref{Top, ,PGG, +pgg, PGG Manual}), is included, but Mailcrypt and Florian Weimer's @code{gpg.el} are also supported. @vindex gpg-temp-directory 
@@ -1055,8 +1040,36 @@ Note, if you are using the @code{gpg.el} you must make sure that the directory specified by @code{gpg-temp-directory} have permissions 0700. -Creating your own OpenPGP key is described in detail in the -documentation of your OpenPGP implementation, so we refer to it. +Creating your own key is described in detail in the documentation of +your PGP implementation, so we refer to it. + +If you have imported your old PGP 2.x key into GnuPG, and want to send +signed and encrypted messages to your fellow PGP 2.x users, you'll +discover that the receiver cannot understand what you send. One +solution is to use PGP 2.x instead (i.e., if you use @code{pgg}, set +@code{pgg-default-scheme} to @code{pgp}). If you do want to use +GnuPG, you can use a compatibility script called @code{gpg-2comp} +available from +@url{http://muppet.faveve.uni-stuttgart.de/~gero/gpg-2comp/}. You +could also convince your fellow PGP 2.x users to convert to GnuPG. +@vindex mml-signencrypt-style-alist +As a final workaround, you can make the sign and encryption work in +two steps; separately sign, then encrypt a message. If you would like +to change this behavior you can customize the +@code{mml-signencrypt-style-alist} variable. For example: + +@lisp +(setq mml-signencrypt-style-alist '(("smime" separate) + ("pgp" separate) + ("pgpauto" separate) + ("pgpmime" separate))) +@end lisp + +This causes to sign and encrypt in two passes, thus generating a +message that can be understood by PGP version 2. + +(Refer to @url{http://www.gnupg.org/gph/en/pgp2x.html} for more +information about the problem.) @node Various Commands @section Various Commands
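Review bot: in lisp/mml-sec.el (hunk -54,18), the docstring of `mml-signencrypt-style-alist` still lists the valid security types as "smime", "pgp", and "pgpmime", while the default value in the same hunk carries a fourth key, "pgpauto". Add "pgpauto" to that list so the docstring matches the default. While the docstring is open, "MML signs and encrypt" should read "signs and encrypts" in both places. Because the default flips from `separate` to `combined` for all four types, users who never customized the variable will start producing output that, per the new warning, PGP version 2 does not understand; the warning would help more if it named `separate` as the value that restores the previous behaviour.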
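Review bot: in texi/message-ja.texi (hunk -1072,8), the new PGP 2.x paragraphs are added directly above `@end ignore`, so they sit inside an ignored block and will not appear in the built manual. None of the visible hunks to this file changes any translated text; if the Japanese text outside the ignore block still documents `separate` as the default, it needs a matching update so the translation does not contradict the new `combined` default in mml-sec.el.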
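Review bot: in texi/message.texi (hunk -1045,9), the paragraph still opens with "requires an external OpenPGP implementation" and then adds that pre-OpenPGP implementations such as PGP 2.x and PGP 5.x are also supported, which contradicts the first sentence. Reword the opening to match the rest of the change, which already switches to "your PGP implementation" in the key-creation sentence of the next hunk. The same wording appears in the corresponding message-ja.texi hunk.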
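Review bot: in texi/message.texi (hunk -1055,8), "If you would like to change this behavior" has lost its referent. In the removed paragraph it followed a sentence stating the default; here it follows "As a final workaround, you can make the sign and encryption work in two steps", so "this behavior" now points at the workaround itself. State the default first (combined, one pass) and then introduce the example as the way to switch to `separate`. The closing sentence "This causes to sign and encrypt in two passes" is missing its subject; the removed text had "Will cause Gnus to sign and encrypt". The added lines also use `@url` where the surrounding manual uses `@uref` (for example "@uref{http://www.gnupg.org/, GNU Privacy Guard}"); pick one form. The identical paragraph added to message-ja.texi needs the same fixes.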