Hi Grant,
1. Convincing ourselves that we can live with the threat. In other words, we are OK given the combination of how rare we think said eavesdropping will be, and how severe the above consequences are.
I'm pretty OK with this, but I realize there's likely to be a broad spectrum of opinion from users about security, hard to know where to draw the lines.
2. Adding some kind of warning/confirmation UI (possibly tied to a preference) to the desktop client.
Sure.
3. Designing and implementing something more secure here (probably out of scope, but if someone has a bright and easily implemented idea ...).
My only thought is instead of issuing the real ticket, we could issue a use-once ticket that returns the real ticket. That way if you add the item and it works, you know the NSA didn't hack your data using that particular vector. This of course would rely on us sending different tickets to different recipients, which we aren't doing now.
Doesn't seem worth the effort to me, but I thought I'd mention it.
4. Living with the bug, i.e. not allowing users to add items they receive via email to new collections.
Not ideal, seems to me. Sincerely, Jeffrey _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ Open Source Applications Foundation "chandler-dev" mailing list http://lists.osafoundation.org/mailman/listinfo/chandler-dev
