
Re: What should go into 1.5.7?



On Mon, 14 Feb 2005 17:08:11 +0100, Christoph Ludwig said:

> rejects the certificate and - in consequence - the signature. (That behaviour
> is ok IMHO but I'd prefer if the signature information would tell me the
> reason of the rejection.) However, in mutt's status line I read 'S/MIME

We discussed this during kmail development over and over and the
outcome is that kmail has a button to check the certificates then.
Something similar should be done in Mutt too.  Anyway, we won't be
able to present all things in detail and in a way understandable for
the average user - thus many situations may only be examined using the
log files.


> signature successfully verified'. That's confusing!

Yes, it is.  We are working on that.  Note that there might even be
some messages it can't parse - please report those; we are going to
fix them.  I have one such fix in CVS (for libksba) so with the next
gnupg 1.9 version more bugs will get squished out.

> I don't want to leave the CRL checks disabled whence I need to figure out the
> problem with dirmngr. The only information I find in the log when verifying a
> good signature corresponding to a non revoked cert is

Please update to dirmngr 0.9.1 - I fixed a bug which looks like yours.

> Must the distribution point in the certificate be given in any particular
> format? (I am going to sign this message so anyone interested can have a look

Well, LDAP and HTTP are supported. https is not really supported but
we try simply http instead, which surprisingly often works.

> at the URI.) Or how can I find out *why* the ldap lookup failed?

Add 

debug 2

to dirmngr.conf

> I try to actually sign a message with the new key then I get an error that the
> secret key file was not found. The log does not show anything... :-(

Sure that the public key is available and all certificates up to the
root?  Try:

 gpgsm -k --with-validation user_ID_of_new_key

The user Id is best specified using the fingerprint or the keyid
(last 8 hex digits); see README.



Shalom-Salam,

   Werner