headers
mailinglists | 1 May 08:22
Picon

Re: Encrypt newsposts

Hi, thank you all,

my problem is that enigmail refuses to encrypt posts. Actively refuses.

I am using a shared public/private key and have set up identity and
rules such that encrypting is active when posting to this particular
newsgroup, say it's called rc.test

Enigmail finds the rule but then refuses to continue.

So it's not a matter of how to set up my keys, I (think I) already done
that. It's just that enigmail detects a newsgroup address in the
recipients and then prints this error and stops with this error message.

>> Presently enigmail complains: "Encrypted send operation aborted.\n\nThis
>> message cannot be encrypted because there are newsgroup recipients."

> You can Inline Sign News Group posts but in order to encrypt them You
> will need the Public Key for every recipient or encrypt to only Your Key
> which will make it impossible for others to read.  The 3rd option is for
> there to exist a Group Key shared by everyone receiving the News Group
> which may be Encrypted to and then each recipient can decrypt using the
> Group Key.  :-\

Thank you, I already did that. But enigmail refuses to inline encrypt my
post.

Regards

Hajo
(Continue reading)

Permalink | Reply | 10 comments |
headers
Robert J. Hansen | 1 May 09:03
Favicon
Gravatar

Re: Encrypt newsposts

mailinglists wrote:
> my problem is that enigmail refuses to encrypt posts. Actively refuses.

This is not an Enigmail defect, the same way that it's not a defect for
a pistol to refuse to fire if the safety is on.  In both cases, the
tools are behaving entirely properly, and have been designed that way
for your safety.

As a few people here have already told you, it doesn't make sense to use
asymmetric crypto to post encrypted messages to a newsgroup.  Enigmail
is not refusing to encrypt posts; it's refusing to let you do something
that it's pretty sure is a mistake.

What you want to do is _incredibly_ niche -- in a dozen years of being
active in the PGP world, this is the first time I've ever heard of it --
and it's reasonable for Enigmail to not support incredibly niche uses.
If we support this behavior, we will probably field hundreds of
"Enigmail doesn't work, it's garbling all my newsgroup posts!" for every
user who has a legitimate use case for the feature.

I would suggest going a different route.  Tell us what your specific
need is.  What do you wish to achieve?  There are probably better ways
to do it than this.
Permalink | Reply | 4 comments |
headers
John Clizbe | 1 May 09:04
X-Face

Re: Encrypt newsposts

mailinglists wrote:
> Hi, thank you all,
> 
> my problem is that enigmail refuses to encrypt posts. Actively refuses.
> 
> I am using a shared public/private key and have set up identity and
> rules such that encrypting is active when posting to this particular
> newsgroup, say it's called rc.test
> 
> Enigmail finds the rule but then refuses to continue.
> 
> So it's not a matter of how to set up my keys, I (think I) already done
> that. It's just that enigmail detects a newsgroup address in the
> recipients and then prints this error and stops with this error message.
> 
>>> Presently enigmail complains: "Encrypted send operation aborted.\n\nThis
>>> message cannot be encrypted because there are newsgroup recipients."
> 

<inline discussion snipped>
> 
> Thank you, I already did that. But enigmail refuses to inline encrypt my
> post.

I'm going to go out on a limb and say Enigmail is "Doing The Right
Thing(tm)". This is probably the only time I've ever seen mention of
encrypting news, so I don't think Enigmail should be changed to allow
it. It's an outlier behavior.

I think you're going to need to do your encryption up-front before
(Continue reading)

Permalink | Reply | 4 comments |
headers
mailinglists | 1 May 09:54
Picon

Re: Encrypt newsposts

Hi Robert,
>> my problem is that enigmail refuses to encrypt posts. Actively refuses.
>>     
> This is not an Enigmail defect, the same way that it's not a defect for
> a pistol to refuse to fire if the safety is on.  
I didn't think it was a defect, I thought enigmail was being overly
protective. My question is, how do I disable safety? I know what I am
doing and don't (always) want a tool protecting me from myself.
> As a few people here have already told you, it doesn't make sense to use
> asymmetric crypto to post encrypted messages to a newsgroup.
>   
Well, every once in a while, someone with more than 20 years experience
in the computer/programming field comes along and is pretty sure he
knows what he is doing ;-) And I think in my case it makes sense, but
perhaps you've got a better idea. See below.
> What you want to do is _incredibly_ niche -- in a dozen years of being
> active in the PGP world, this is the first time I've ever heard of it --
> and it's reasonable for Enigmail to not support incredibly niche uses.
>   
Oh perhaps its niche, but is it unreasonably for me to ask if there is
some switch to disable safety? It's not as if it isn't supported.
Instead my impression is that it is actively prohibited, IOW some safety
code was added, not some feature left out.
> I would suggest going a different route.  Tell us what your specific
> need is.  What do you wish to achieve?  There are probably better ways
> to do it than this.
>   
I would love to hear any ideas. Here is what I need. There is this small
software project with a handful of developers, testers and managers.
Currently we do all discussion via email, which is pretty cumbersome and
(Continue reading)

Permalink | Reply | 3 comments |
headers
mailinglists | 1 May 10:02
Picon

Re: Encrypt newsposts

Hi John,
> I think you're going to need to do your encryption up-front before
> clicking Send. PGPDesktop/GPGshell/WinPT all provide both current-window
> and clipboard capability for doing this.
>   
thanks for the suggestion, but that is out of the question. It's too
easy to forget to hit Ctrl+Alt+Whatever to encrypt the post before
hitting send. It needs to be fully automated, such as with the enigmail
rules.

Regards

Hajo
Permalink | Reply | 2 comments |
headers
Robert J. Hansen | 1 May 10:32
Favicon
Gravatar

Re: Encrypt newsposts

mailinglists wrote:
> I didn't think it was a defect, I thought enigmail was being overly 
> protective.  My question is, how do I disable [the] safety?

When people start talking about disabling weapon safeties because the
safety is overly protective, some sense of primordial self-preservation
deep in my hindbrain demands that I dive for cover.

You may want to think a bit about what you've just said here.

> I know what I am doing

I hope you won't take offense, but I doubt this to be true.

> Well, every once in a while, someone with more than 20 years 
> experience in the computer/programming field comes along and is 
> pretty sure he knows what he is doing ;-)

28 years of experience here, plus a thesis away from a Ph.D. in secure
software engineering.  Up until a few months ago I was breaking
electronic voting machines for a living.

John Clizbe has 34 years of experience.

Be very careful when you start using your years of experience as an
argument that you know what you're doing.  You quickly run afoul of
Whitaker's Law that way.  "Do not fall into the trap of the artisan who
boasts of twenty years' experience in his craft while in fact he has
only one year of experience -- twenty times."
(Continue reading)

Permalink | Reply | 1 comment |
headers
John Clizbe | 1 May 10:34
X-Face

Re: Encrypt newsposts

mailinglists wrote:
> Hi John,
>> I think you're going to need to do your encryption up-front before
>> clicking Send. PGPDesktop/GPGshell/WinPT all provide both current-window
>> and clipboard capability for doing this.
>>   
> thanks for the suggestion, but that is out of the question. It's too
> easy to forget to hit Ctrl+Alt+Whatever to encrypt the post before
> hitting send. It needs to be fully automated, such as with the enigmail
> rules.

Is 34 years coding and doing system design&admin with 30 of that getting
paid for it OK with your other reply to Rob (the more than 20 years
part)? ;-)

I have absolutely NO issue with what you are trying to achieve, but news
just doesn't feel like the proper solution implementation.

From your other reply:
> Any ideas? Here are the requirements:
> + Find a better alternative for software and project discussions than
> email. News would suit fine.
> + Support access control.
> + Don't leave news posts unencrypted on the server or anywhere else.
> They should be decrypted on the fly, just like enigmail does.
> + Allow easy archiving of old posts.
> + Allow new members to read old posts, which rules out encryping mails
>   to a predefined set of keys, as the keys of potentially new members
>   are not known to the original poster.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Andy Ruddock | 1 May 10:41
Favicon
Gravatar

Re: Encrypt newsposts


mailinglists wrote:
> Hi John,
>> I think you're going to need to do your encryption up-front before
>> clicking Send. PGPDesktop/GPGshell/WinPT all provide both current-window
>> and clipboard capability for doing this.
>>   
> thanks for the suggestion, but that is out of the question. It's too
> easy to forget to hit Ctrl+Alt+Whatever to encrypt the post before
> hitting send. It needs to be fully automated, such as with the enigmail
> rules.
> 

Per-recipient rules cover this.

--
Andy Ruddock
------------
andy.ruddock <at> rainydayz.org (GPG Key ID 0xA622D452)
Permalink | Reply | 0 comments |
headers
John W. Moore III | 1 May 14:09

Re: Encrypt newsposts


Robert J. Hansen wrote:

> If you don't want to host your own mailing lists, you could even do
> something through Yahoo! Groups.  The PGPNET mailing list does exactly
> this.  John Moore is one of the list moderators; he's active on this
> list and will be happy to walk you through the process of doing this.

My following of this thread so far indicates to Me that the 'Problem'
lies in the use of a News Group Server.  Because of the code within
Thunderbird/SeaMonkey making them News Group readers as well as MUA's
Enigmail will continue to block Your attempts to encrypt to what it
perceives as a Public Forum.

Use of a Group with Group Encryption using either a single Group Key or
encrypting to each individual Members Key is quite feasible.  Robert is
correct that I participate in this very activity several times a day.
Robert mentioned that PGPNET utilizes Yahoo Groups but the capability is
also workable using Google Groups.  Yahoo Groups offers a more
'attractive' interface but Google Groups offers some more esoteric
flexibility.  [IMAP, etc.,]

Should You choose to follow this route it will take roughly 20 minutes
of effort on the part of a Group Owner and about 5 minutes on the part
of each individual Member.

Please Note that Yahoo Groups has just 'Upgraded' Groups in the way in
which attachments are handled.  How they are handled is configured by
the specific Group.  Want them passed along?  Archived on the Group
site?  Your choice.
(Continue reading)

Permalink | Reply | 0 comments |
headers
Tyler Spivey | 2 May 16:18

Questions on per-recipient rules


1. Is it possible to import/export Per-recipient rules? Currently, creating them
is a quite tedius process and I don't want to  go through it again if I don't need to.

2. Would it be possible, in a future version of enigmail, to make the spacebar check/uncheck the keys in the
per-recipient rule key selection dialog? That would make it
quite a bit easier to just scroll through and check keys.
Permalink | Reply | 1 comment |

Gmane