oss-sec mailing list archives
Re: distros & linux-distros embargo period and message format
From: Solar Designer <solar () openwall com>
Date: Sat, 4 Feb 2012 07:48:39 +0400
On Fri, Feb 03, 2012 at 10:00:24PM -0500, Michael Gilbert wrote:
> On Fri, Feb 3, 2012 at 8:45 PM, Solar Designer wrote:
> > Yet the delay itself matters too. There are different opinions as to whether it is "the important aspect" or not.
>
> That's why I think it's more appropriate to defer such decisions to the researcher who understands the complexity of the problem at hand (of course hopefully allowing negotiation with those affected to choose a disclosure date that can be met).

That's what we have now, right?

> > [...] I need a tool - a program to mass-decrypt a PGP/MIME mbox, producing another mbox. I think such a program might be generally useful. Well, or alternatively I need to introduce a different mechanism for the archive - not treat it as a regular subscriber like I intended to.
>
> Completely unfleshed out, but a pseudo-bash script along the lines of the following should do it:
>
>   echo "" > newmbox
>   gpg-agent --allow-preset-passphrase
>   /usr/lib/gnupg2/gpg-preset-passphrase --preset <cache id>
>   cat mbox | while IFS= read -r line; do
>       test <header> && echo "$line" >> /tmp/header
>       test <body> && echo "$line" >> /tmp/body
>       if [ <end of body> ]; then
>           cat /tmp/header >> newmbox
>           cat /tmp/body | gpg --decrypt >> newmbox
>       fi
>   done
>   /usr/lib/gnupg2/gpg-preset-passphrase --forget
>
> Obviously a bit more work there to figure out appropriate conditionals to put in the angle brackets.

Unless I am missing something, this doesn't handle MIME at all - so it won't do the trick. I was thinking of building something upon Mutt in its entirety (e.g., talk to it with expect) or upon pieces of code from Mutt (since it handles such mbox'es just fine) or maybe upon my own mbox and MIME parsing code from blists (but add the gpg invocations to it myself).

Alternatively, I could in fact make the list archive recipient special such that there would be no MIME at that level - re-encrypt entire already-decrypted messages to the archive key such that the resulting messages are no longer valid for viewing with a MUA, but such that we can decrypt them again easier (without parsing MIME). This might be less code to write.

Alexander
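
Added example, not part of the original message and not code from anyone in the thread: one way to build the mass-decryption tool discussed above so that it does parse MIME, walking an mbox and replacing each PGP/MIME (RFC 3156) envelope with the entity decrypted from it. The function names, the `decrypt` callback and the base64 stand-in used by `build_sample` are assumptions made for illustration; `gpg_decrypt` assumes a local `gpg` whose agent already holds the passphrase.

```python
import base64, email, mailbox, subprocess
from contextlib import closing

def gpg_decrypt(ciphertext: bytes) -> bytes:
    """Pipe one armored blob through gpg; gpg-agent must already hold the passphrase."""
    return subprocess.run(["gpg", "--batch", "--quiet", "--decrypt"],
                          input=ciphertext, check=True, capture_output=True).stdout

def is_pgp_mime(msg) -> bool:
    """RFC 3156 layout: multipart/encrypted holding a control part and a data part."""
    return (msg.get_content_type() == "multipart/encrypted" and msg.is_multipart()
            and len(msg.get_payload()) == 2
            and (msg.get_param("protocol") or "").lower() == "application/pgp-encrypted")

def decrypt_message(msg, decrypt=gpg_decrypt):
    """Replace the encrypted envelope with the MIME entity that was inside it."""
    if not is_pgp_mime(msg):
        return msg  # plaintext or inline PGP: copied through unchanged
    inner = email.message_from_bytes(decrypt(msg.get_payload(1).get_payload(decode=True)))
    for name in [n for n in msg.keys() if n.lower().startswith("content-")]:
        del msg[name]  # outer Content-* headers described the envelope
    for name, value in inner.items():
        if name.lower().startswith("content-"):
            msg[name] = value  # inner Content-* headers describe the real body
    msg.set_payload(inner.get_payload())  # str body, or list of parts if multipart
    return msg

def decrypt_mbox(src_path, dst_path, decrypt=gpg_decrypt) -> int:
    """Copy src to dst, decrypting PGP/MIME messages; returns how many were decrypted."""
    done = 0
    with closing(mailbox.mbox(src_path, create=False)) as src, closing(mailbox.mbox(dst_path)) as dst:
        for msg in src:
            done += is_pgp_mime(msg)
            dst.add(decrypt_message(msg, decrypt))
    return done

def build_sample(path):
    """Constructed input: base64 stands in for OpenPGP so the demo needs no keys."""
    box = mailbox.mbox(path)
    box.add('From: a@example.org\nSubject: demo\nContent-Type: multipart/encrypted;'
            ' protocol="application/pgp-encrypted"; boundary="sample"\n\n'
            "--sample\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
            "--sample\nContent-Type: application/octet-stream\n\n"
            + base64.b64encode(b"Content-Type: text/plain\n\nembargoed details\n").decode()
            + "\n--sample--\n")
    box.add("From: b@example.org\nSubject: plain\n\nhello\n")
    box.close()
```

The output mbox holds cleartext, so it belongs in a location only the archive account can read. A gpg failure raises `CalledProcessError` and stops the run rather than silently copying an undecrypted message.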