From: guido@trentalancia.net (Guido Trentalancia)
Date: Fri, 02 Sep 2016 17:31:03 +0200
Subject: [refpolicy] [PATCH] gpg: public key signature verification in
 evolution
In-Reply-To: <9bee257d-430a-0562-ee21-0dd2144c5519@gmail.com>
References: <1472737946.17989.0.camel@trentalancia.net>
	<7958812d-93fe-ded7-fb23-6d02c150bcb3@ieee.org>
	<bc32fd38-c6d6-aa2e-bd61-44c9a99fb344@gmail.com>
	<1472815602.23008.8.camel@trentalancia.net>
	<09e0ed56-7f4d-71e8-d970-acecc18e2376@gmail.com>
	<1472827326.21408.7.camel@trentalancia.net>
	<ba6b07af-8e15-dfd0-bab5-0dcdfe2b0e86@gmail.com>
	<1472828561.21408.12.camel@trentalancia.net>
	<9bee257d-430a-0562-ee21-0dd2144c5519@gmail.com>
Message-ID: <1472830263.21408.17.camel@trentalancia.net>
To: refpolicy@oss.tresys.com
List-Id: refpolicy.oss.tresys.com

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Fri, 02/09/2016 at 17.09 +0200, Dominick Grift via refpolicy wrote:
> On 09/02/2016 05:02 PM, Guido Trentalancia via refpolicy wrote:

[...]

> > > > > > > however eventually it probably need rw instead of r, For
> > > > > > > example
> > > > > > > when
> > > > > > > you sign emails.
> > > > > > 
> > > > > > Let's try to sign this message and see if it also requires
> > > > > > write
> > > > > > permissions...
> > > > 
> > > > It doesn't require write permissions, as it is evident in the
> > > > new
> > > > version of the patch.
> > > > 
> > > > > 
> > > > > 
> > > > > is that PGP/MIME or in-line signing? I dont use evolution so
> > > > > not
> > > > > sure
> > > > > if
> > > > > it even support in-line signatures or PGP/MIME
> > > > 
> > > > It's PGP signing. SMIME signing does not use gpg.
> > > > 
> > > 
> > > I think there is a misunderstanding PGP/MIME will (AFAIK) attach
> > > the
> > > signature in a separate file whereas in-line signing adds the
> > > signature
> > > to the actual message instead.
> > 
> > Yes, it's openPGP/MIME. The same as in your messages.
> 
> Okay fine, I think it might need read/write if one encloses
> signatures
> in mail messages in-line

This one seems to be difficult...

It doesn't need the write permission for signing messages, whatever
signing method you choose.

It only needs read permissions for signing messages !

Guido
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iF4EAREIAAYFAlfJmz4ACgkQdvBbOlZ5jsk2+gEAjsXkVGF12qs6iGnqhaISsNbf
a/d7+BRBJG6MGJQATvMBAL2vj7fIhPeo7NYegTfliAIhPPKMPTjA/1dUJm57HkE7
=R0KM
-----END PGP SIGNATURE-----