Re: Emacs client stuck when opening S/MIME signed emails

Subject: Re: Emacs client stuck when opening S/MIME signed emails

Date: Tue, 28 Oct 2025 17:17:31 -0700

To: Daniel Kahn Gillmor, David Bremner, notmuch@notmuchmail.org

Cc:

Hi David, Daniel,

Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:

> On Tue 2025-10-28 06:43:16 -0300, David Bremner wrote:
>> The usual problem is CRL revokation checks. You can disable these in 
>> ~/.gnupgu/gpgsm.conf with
>>
>>       disable-crl-checks
>
> David means ~/.gnupg/gpgsm.conf of course!
>

Thanks!  This solved my problem.

>> There is obviously a security tradeoff, but I guess it's better than
>> disabling gpgsm completely
>
> fwiw, *doing* crl checks is effectively a privacy problem (e.g., it's
> easy to build a a "phone home" mechanism out of a CRL if you control the
> certificate issuer), as well as the efficiency problem that Xiyue Deng
> is experiencing.  And it's not clear that CRL checks are a particularly
> strong security measure (e.g., a powerful attacker could simply block
> network traffic to the CRL server).
>
> On balance, i recommend setting disable-crl-checks by default.
>

And thanks for the background info of CRL!  Now I can set it with more
ease of mind :)

>    --dkg

-- 
Regards,
Xiyue Deng

signature.asc (application/pgp-signature)

_______________________________________________
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-leave@notmuchmail.org

Previous message (by thread): Re: Emacs client stuck when opening S/MIME signed emails

Thread:

Xiyue Deng—Emacs client stuck when opening S/MIME signed emails [inbox, signed, unread]
- David Bremner—Re: Emacs client stuck when opening S/MIME signed emails [inbox, unread]
  - Daniel Kahn Gillmor—Re: Emacs client stuck when opening S/MIME signed emails [inbox, signed, unread]
    - Xiyue Deng—Re: Emacs client stuck when opening S/MIME signed emails [inbox, signed, unread]