Sending attachments without crypt_autosign
Hi all,

I recently started to sign all my mails and it took me little time to find out that you can't delete attachments in signed/encrypted mails ... ;-)

Now I want to automate the way I use crypt_autosign that mutt checks first if there is an attachment and only signs the mail if that's not the case. I was thinking along the lines of

    send-hook '!~X 1-' 'set crypt_autosign="yes"'

but that doesn't work as intended :-/

I'm sure that's an error on my side and therefore ask you guys to help me thinking in the right lines ... ;-)

Many thanks in advance!
Stefan B-)

pgpJl3uqYmuRE.pgp
Description: PGP signature
Re: Why does some list software not honor the headers? (was ... Re: People want ...)
* Erik Christiansen [02-28-13 02:44]:
> On 27.02.13 15:59, Patrick Shanahan wrote:
> > I am *against* "Reply-To:" munging by list software and believe it
> > should *only* be employed by a poster wishing replies to his posts to
> > be rec'd by a different account such as posting from work and wanting
> > receipt at home.
>
> Hmmm, I've tried using "Reply-To:" to point back to the list, in the
> hope that it'd discourage those pesky additional "courtesy replies".
> It's rarely had any effect, but wouldn't it be wonderful if most MUAs
> would respect it?

It may not, quite possibly not, be the mua. Mutt can be set to honor "Reply-To:", or not, but it is still possible to put any addr in the "To:" field that doesn't deviate from spec, or that does if you know how.

--
(paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
http://en.opensuse.org openSUSE Community Member
Registered Linux User #207535 @ http://linuxcounter.net
Re: Run command on an attachment
On Wed, Feb 27, 2013 at 08:14:13PM +0100, Salve Håkedal wrote:
> My main machine doesn't have openoffice or similar installed, but
> sometimes I need to use openoffice on an attachment. I now do that by
> scp-ing files to that machine and then ssh -X into that machine.
>
> To scp an attachment to the other machine, I first save it from the
> attachment menu. I'd like to skip this step.
>
> Is it possible to scp an attachment directly from mutt?

should be doable with mailcap

Richard

---
Name and OpenPGP keys available from pgp key servers
Re: Run command on an attachment
* On 28 Feb 2013, Richard wrote:
> On Wed, Feb 27, 2013 at 08:14:13PM +0100, Salve Håkedal wrote:
> >
> > Is it possible to scp an attachment directly from mutt?
>
> should be doable with mailcap

This is the approach I would take, too. Rather than trying to move the attachment and open it elsewhere, make moving the attachment part of opening it locally, via mailcap.

You could make a script called "remoteopen" that scps the file and uses a remote mailcap to open it, then use remoteopen as the local mailcap handler.

--
David Champion • d...@bikeshed.us
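A sketch of the "remoteopen" handler described above, as an added example that was not posted by anyone in the thread. The host alias `office-box`, the mailcap line and the use of `run-mailcap` on the remote side are assumptions; the attachment name is reduced to a conservative basename because it is chosen by the sender and ends up on a remote command line.

```shell
#!/bin/sh
# remoteopen: mailcap handler that copies an attachment to another machine
# and opens it there through that machine's own mailcap.
# Local ~/.mailcap line (constructed example):
#   application/vnd.oasis.opendocument.text; remoteopen %s
# Assumptions: host alias "office-box", key-based ssh login, and the
# Debian-style run-mailcap command on the remote side.
REMOTE_HOST=${REMOTE_HOST:-office-box}

# The attachment name is chosen by the sender, so only a conservative
# basename ever reaches the remote command line.
safe_name() {
    name=$(printf '%s' "${1##*/}" | tr -c 'A-Za-z0-9._-' '_')
    case $name in
        ''|.*|-*) name="attachment_$name" ;;  # no dotfiles, no option look-alikes
    esac
    printf '%s\n' "$name"
}

remoteopen() {
    src=$1
    [ -f "$src" ] || { echo "remoteopen: not a file: $src" >&2; return 1; }
    case $src in
        /*) ;;
        *) src=./$src ;;      # keeps scp from reading "a:b" as host:path
    esac
    name=$(safe_name "$src")

    # Private per-run directory, created by mktemp on the remote machine.
    dir=$(ssh "$REMOTE_HOST" 'mktemp -d /tmp/remoteopen.XXXXXX') || return 1
    case $dir in
        ''|*[!A-Za-z0-9._/-]*)
            echo "remoteopen: unexpected remote directory name" >&2
            return 1 ;;
    esac

    scp -q "$src" "$REMOTE_HOST:$dir/$name" || return 1
    # -X forwards X11 so the remote application displays locally; the remote
    # copy is removed as soon as the opener command returns.
    ssh -X "$REMOTE_HOST" "run-mailcap '$dir/$name'; rm -rf '$dir'"
}

if [ "$#" -gt 0 ]; then
    remoteopen "$1"
fi
```

If the remote opener hands the file to an already running application and returns at once, drop the `rm -rf` and clean the remote directories up separately.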
Re: Why does some list software not honor the headers? (was ... Re: People want ...)
Incoming from Erik Christiansen:
> On 27.02.13 15:59, Patrick Shanahan wrote:
> > I am *against* "Reply-To:" munging by list software and believe it
> > should *only* be employed by a poster wishing replies to his posts to
> > be rec'd by a different account such as posting from work and wanting
> > receipt at home.
>
> Hmmm, I've tried using "Reply-To:" to point back to the list, in the
> hope that it'd discourage those pesky additional "courtesy replies".
> It's rarely had any effect, but wouldn't it be wonderful if most MUAs

Perhaps, the Universe just hates us.

    set ignore_list_reply_to=yes

Ya canna win! :-P

--
Any technology distinguishable from magic is insufficiently advanced.
(*) :(){ :|:& };:
- -

signature.asc
Description: Digital signature
Re: Why does some list software not honor the headers? (was ... Re: People want ...)
On Thu, Feb 28, 2013 at 06:41:55PM +1100, Erik Christiansen wrote:
> On 27.02.13 15:59, Patrick Shanahan wrote:
> > I am *against* "Reply-To:" munging by list software and believe it
> > should *only* be employed by a poster wishing replies to his posts to
> > be rec'd by a different account such as posting from work and wanting
> > receipt at home.
>
> Hmmm, I've tried using "Reply-To:" to point back to the list, in the
> hope that it'd discourage those pesky additional "courtesy replies".
> It's rarely had any effect, but wouldn't it be wonderful if most MUAs
> would respect it?

Having the *sender* of a message set Reply-To back to the list is actually a reasonable use of the feature. The problem comes up when the list tries to set the header itself, partially because it will munge any Reply-To header set for any reason by the original sender, and partly because in some cases, an off-list response might be needed.

mutt's ignore_list_reply_to is useful because it only ignores the reply-to in the context of a known list *and* if the reply-to matches the To header. While this would ignore it in a case like you mentioned above, one hopes that mutt users would use list-reply in such a case anyway.

w
Re: Run command on an attachment
Thanks all! Script + mailcap does it nicely!

--
Salve
Why sign every message? (was Re: Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 12:55:39PM +0100, Stefan Wimmer wrote:
> Hi all,
>
> I recently started to sign all my mails and it took me little time to find
> out that you can't delete attachments in signed/encrypted mails ... ;-)
>
> Now I want to automate the way I use crypt_autosign that mutt checks first
> if there is an attachment and only signs the mail if that's not the case. I
> was thinking along the lines of

I have a couple of comments about this:

- Why sign most messages? Unless the information is important for others to verify that it came from a particular person why add the bloat of a signature. Beyond this I find it ironic that people sign e-mail with a private key where its public key isn't found on a standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.

- If one is concerned enough about allowing others to verify the integrity of a message shouldn't this concern also extend to attachments which are a classic attack vector?

--
Will Fiveash
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
* Will Fiveash [02-28-13 14:25]:
[...]
> I have a couple of comments about this:
>
> - Why sign most messages? Unless the information is important for
>   others to verify that it came from a particular person why add the
>   bloat of a signature. Beyond this I find it ironic that people sign
>   e-mail with a private key where its public key isn't found on a
>   standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.
>
> - If one is concerned enough about allowing others to verify the
>   integrity of a message shouldn't this concern also extend to
>   attachments which are a classic attack vector?

I believe it is *mostly* for show. I can so I will, see me.

Your questions/statement are spot on.

And some may not know how to sign one message and not another

--
(paka)Patrick Shanahan Plainfield, Indiana, USA HOG # US1244711
http://wahoo.no-ip.org Photo Album: http://wahoo.no-ip.org/gallery2
http://en.opensuse.org openSUSE Community Member
Registered Linux User #207535 @ http://linuxcounter.net
Re: Why sign every message? (was Sending attachments without crypt_autosign
* Patrick Shanahan [2013-02-28 20:38]:
> * Will Fiveash [02-28-13 14:25]:
> [...]
> > I have a couple of comments about this:
> >
> > - Why sign most messages? Unless the information is important for
> >   others to verify that it came from a particular person why add the
> >   bloat of a signature. Beyond this I find it ironic that people sign
> >   e-mail with a private key where its public key isn't found on a
> >   standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.
> >
> > - If one is concerned enough about allowing others to verify the
> >   integrity of a message shouldn't this concern also extend to
> >   attachments which are a classic attack vector?
>
> I believe it is *mostly* for show. I can so I will, see me.
>
> Your questions/statement are spot on.
>
> And some may not know how to sign one message and not another

OK OK - I got it ... Thank you very much for being *that* helpful.

Will: you have a very valid point with your second statement ... I didn't look at it that way but was only concerned about space. Regarding your first point I'm afraid I don't understand. I immediately went to pgp.mit.edu and looked my key up:

http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x2F1C8EE8DC35B4E3

But hey I'm sure I simply miss the technical understanding & knowledge about encryption and am just not clever enough to *really* understand what it's all about and just want to show off as Patrick assumed ;-)

Let's leave it with that and forget the small technical question I asked ...

Kindly yours
Stefan
Re: Sending attachments without crypt_autosign
* Stefan Wimmer, 2013-02-28 12:55:39 Thu:
> I recently started to sign all my mails and it took me little time
> to find out that you can't delete attachments in signed/encrypted
> mails ... ;-)

I patched my copy of mutt so that it will let me delete attachments from encrypted messages (breaking the signature along the way). I can try to find said patch if there is some interest (it's a one-liner).

--
David Haguenauer

pgptU6VAS7xj2.pgp
Description: Digital signature
Re: Why sign every message? (was Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 09:30:47PM +0100, Stefan Wimmer wrote:
> * Patrick Shanahan [2013-02-28 20:38]:
> >* Will Fiveash [02-28-13 14:25]:
> >[...]
> >>I have a couple of comments about this:
> >>
> >>- Why sign most messages? Unless the information is important for
> >>  others to verify that it came from a particular person why add the
> >>  bloat of a signature. Beyond this I find it ironic that people sign
> >>  e-mail with a private key where its public key isn't found on a
> >>  standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.
> >>
> >>- If one is concerned enough about allowing others to verify the
> >>  integrity of a message shouldn't this concern also extend to
> >>  attachments which are a classic attack vector?
[...]
> Will: you have a very valid point with your second statement ... I didn't
> look at it that way but was only concerned about space. Regarding your first
> point I'm afraid I don't understand. I immediately went to pgp.mit.edu and
> looked my key up:

I wasn't referring to you specifically as I see you did publish your pubkey properly. Instead, I was referring to others (like s.keeling) that sign everything yet I can not retrieve their pubkey.

--
Will Fiveash
Re: Why sign every message? (was Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 02:43:36PM -0600, Will Fiveash wrote:
> I wasn't referring to you specifically as I see you did publish your
> pubkey properly. Instead, I was referring to others (like s.keeling)
> that sign everything yet I can not retrieve their pubkey.

I'm actually working with him on that right now. I think he has multiple keys and is signing with the wrong one.

-Jeremy

pgpWdHfUZHsPa.pgp
Description: PGP signature
Re: Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 03:35:44PM -0500, David Haguenauer wrote: > * Stefan Wimmer , 2013-02-28 12:55:39 Thu: > > I recently started to sign all my mails and it took me little time > > to find out that you can't delete attachments in signed/encrypted > > mails ... ;-) > > I patched my copy of mutt so that it will let me delete attachments > from encrypted messages (breaking the signature along the way). I can > try to find said patch if there is some interest (it's a one-liner). Thanks for the idea. I've attached a patch that provides a allow_signed_attach_delete boolean option which if set will allow one to delete attachments from a signed message. See the patch for the details. -- Will Fiveash # HG changeset patch # User Will Fiveash # Date 1362092439 21600 # Branch HEAD # Node ID 1dd89609c1b16c9f3656ff7117fcb5719f5b6dec # Parent 8c4b813160a898dc2014eaa85a49a4e0d3e30472 support new option to allow deletion of attachments in signed messages diff --git a/init.h b/init.h --- a/init.h +++ b/init.h @@ -149,6 +149,12 @@ ** and give it the same color as your attachment color (see also ** $$crypt_timestamp). */ + { "allow_signed_attach_delete", DT_BOOL, R_NONE, OPTALLOWSIGNATTCHDEL, 0 }, + /* + ** .pp + ** Controls whether attachments in signed e-mails can be deleted. It is false + ** by default. + */ { "arrow_cursor",DT_BOOL, R_BOTH, OPTARROWCURSOR, 0 }, /* ** .pp diff --git a/mutt.h b/mutt.h --- a/mutt.h +++ b/mutt.h @@ -314,6 +314,7 @@ { OPTALLOW8BIT, OPTALLOWANSI, + OPTALLOWSIGNATTCHDEL, OPTARROWCURSOR, OPTASCIICHARS, OPTASKBCC, diff --git a/recvattach.c b/recvattach.c --- a/recvattach.c +++ b/recvattach.c @@ -1119,7 +1119,8 @@ } #endif -if (WithCrypto && hdr->security & ~PGP_TRADITIONAL_CHECKED) +if (!option(OPTALLOWSIGNATTCHDEL) && WithCrypto && + (hdr->security & ~PGP_TRADITIONAL_CHECKED)) { mutt_message _( "Deletion of attachments from encrypted messages is unsupported."); pgpT6lfdVMXa_.pgp Description: PGP signature
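Review bot: In the recvattach.c hunk, the new `!option(OPTALLOWSIGNATTCHDEL)` test switches off the whole guard, and that guard fires on any bit of `hdr->security` other than `PGP_TRADITIONAL_CHECKED` and reports "Deletion of attachments from encrypted messages is unsupported." With the option set, attachments can therefore be deleted from encrypted messages as well as signed ones, which is wider than the name `allow_signed_attach_delete` and its init.h description ("attachments in signed e-mails") state. Either restrict the bypass to messages that are only signed, or rename the option and document that it also covers encrypted mail.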
Re: Sending attachments without crypt_autosign
On Thu, Feb 28, 2013 at 05:03:23PM -0600, Will Fiveash wrote: > On Thu, Feb 28, 2013 at 03:35:44PM -0500, David Haguenauer wrote: > > * Stefan Wimmer , 2013-02-28 12:55:39 Thu: > > > I recently started to sign all my mails and it took me little time > > > to find out that you can't delete attachments in signed/encrypted > > > mails ... ;-) > > > > I patched my copy of mutt so that it will let me delete attachments > > from encrypted messages (breaking the signature along the way). I can > > try to find said patch if there is some interest (it's a one-liner). > > Thanks for the idea. I've attached a patch that provides a > allow_signed_attach_delete boolean option which if set will allow one to > delete attachments from a signed message. See the patch for the > details. I tweaked the description of the option a bit and have attached the modified patch. -- Will Fiveash # HG changeset patch # User Will Fiveash # Date 1362093073 21600 # Branch HEAD # Node ID bd8e669e66a0add24813e41f7836fd80c85dbc03 # Parent 8c4b813160a898dc2014eaa85a49a4e0d3e30472 support new option to allow deletion of attachments in signed messages diff --git a/init.h b/init.h --- a/init.h +++ b/init.h @@ -149,6 +149,12 @@ ** and give it the same color as your attachment color (see also ** $$crypt_timestamp). */ + { "allow_signed_attach_delete", DT_BOOL, R_NONE, OPTALLOWSIGNATTCHDEL, 0 }, + /* + ** .pp + ** Controls whether attachments in signed e-mails can be deleted. Note, deleting attachments + ** will cause the signature verification of the affected message to fail. + */ { "arrow_cursor",DT_BOOL, R_BOTH, OPTARROWCURSOR, 0 }, /* ** .pp diff --git a/mutt.h b/mutt.h --- a/mutt.h +++ b/mutt.h @@ -314,6 +314,7 @@ { OPTALLOW8BIT, OPTALLOWANSI, + OPTALLOWSIGNATTCHDEL, OPTARROWCURSOR, OPTASCIICHARS, OPTASKBCC, diff --git a/recvattach.c b/recvattach.c --- a/recvattach.c +++ b/recvattach.c 
@@ -1119,7 +1119,8 @@ } #endif -if (WithCrypto && hdr->security & ~PGP_TRADITIONAL_CHECKED) +if (!option(OPTALLOWSIGNATTCHDEL) && WithCrypto && + (hdr->security & ~PGP_TRADITIONAL_CHECKED)) { mutt_message _( "Deletion of attachments from encrypted messages is unsupported."); pgpFYO984WZ2s.pgp Description: PGP signature
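Review bot: In the init.h hunk, the reworded description no longer states the default (the earlier version of this patch said "It is false by default"), and its first added comment line, ending in "Note, deleting attachments", runs well past the width of the neighbouring `**` lines. Keep the default sentence alongside the new warning and rewrap the comment to match the surrounding entries.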
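Review bot: In the recvattach.c hunk, setting the option skips the guarded block entirely, so on that path the user gets no message at all, although the init.h text in this same patch says signature verification of the affected message will fail. Consider keeping a branch for the option-set case that shows a `mutt_message` warning, or asks for confirmation, when `hdr->security` has bits set, so the broken signature is a visible choice rather than a silent side effect.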
Re: Why sign every message? (was Re: Sending attachments without crypt_autosign
Incoming from Will Fiveash:
> On Thu, Feb 28, 2013 at 12:55:39PM +0100, Stefan Wimmer wrote:
> >
> > I recently started to sign all my mails and it took me little time
> > to find out that you can't delete attachments in signed/encrypted
> > mails ... ;-)
> >
> > Now I want to automate the way I use crypt_autosign that mutt
> > checks first if there is an attachment and only signs the mail if
> > that's not the case. I was thinking along the lines of
>
> I have a couple of comments about this:
>
> - Why sign most messages? Unless the information is important for
>   others to verify that it came from a particular person why add the
>   bloat of a signature. Beyond this I find it ironic that people sign
>   e-mail with a private key where its public key isn't found on a
>   standard PGP/GPG keyserver like pgp.mit.edu or kerckhoffs.surfnet.nl.

Until recently, I thought the same. My $0.02; it's a political statement, it's me reacting to what appears to me to be rampant fascism. I rejoiced when Spain buried Franco, yet it appears many countries have chosen Oligopoly/Plutocracy/Fascism behind our backs. This's just me saying "no". :-P

> - If one is concerned enough about allowing others to verify the
>   integrity of a message shouldn't this concern also extend to
>   attachments which are a classic attack vector?

See the mutt manual for "auto_view".

--
Any technology distinguishable from magic is insufficiently advanced.
(*) :(){ :|:& };:
- -

signature.asc
Description: Digital signature
Re: Why sign every message? (was Sending attachments without crypt_autosign
Incoming from Will Fiveash:
>
> I wasn't referring to you specifically as I see you did publish your
> pubkey properly. Instead, I was referring to others (like s.keeling)
> that sign everything yet I can not retrieve their pubkey.

... which is very annoying to me too.

===
(0) infidel /home/keeling_ gpg --list-secret-keys
/home/keeling/.gnupg/secring.gpg
sec 1024D/AC94E4B7 2003-12-21
uid s. keeling (21Dec2003)
ssb 1024g/534197F0 2003-12-21
ssb 2048R/A0F68CAF 2008-02-01
===

http://pgp.mit.edu:11371/pks/lookup?search=keeling&op=index

I've no idea what I did wrong or how to fix it (workin' on it), but I must have missed something.

--
Any technology distinguishable from magic is insufficiently advanced.
(*) :(){ :|:& };:
- -

signature.asc
Description: Digital signature