On 02/02/2011 08:18 PM, Jameson Rollins wrote: > Hi, all. I have pushed a new branch called "crypto" to my notmuch > repository . This branch provides full support for PGP/MIME signed > and encrypted messages, including emacs UI support.
I have tested this, and am now using it. I'm very happy with it. I support its inclusion in the mainline. Thanks for doing this, Jamie. This is excellent! ----less important stuff follows---- I want to raise one (non-blocking) question about the decryption to see if anyone has any suggestions: If you do "notmuch show --format=json" on a PGP/MIME-encrypted plaintext message, it emits the base message, which is structured like this: 1 └┬╴multipart/encrypted 2 ├╴application/pgp-encrypted attachment 3 └╴application/octet-stream inline [msg.asc] with these patches, if you do "notmuch show --format=json --decrypt", it emits this instead: 1 └┬╴multipart/encrypted 2 └╴text/plain inline and it attaches an encstatus (and possibly sigstatus, if the message was signed) to part 1. I'll call this "method A". There are other methods that could be used as well, and it's worth making sure we've chosen one that we think is what we'll want in the future. here are two other proposals: Method B: 1 └┬╴multipart/encrypted 2 ├╴application/pgp-encrypted attachment 3 └╴text/plain inline That is, just replace part 3 (the actual encrypted body) with the decrypted material. This has the advantage that for single-part encrypted messages, the structure and part numbers of the message remains the same as without --decrypt. Method C: 1 └╴text/plain inline That is, replace the entire multipart/encrypted with the decrypted material. This avoids having an explicitly-labeled "multipart/encrypted" wrapper around cleartext (which might be considered odd). It would mean attaching the encstatus and sigstatus directly to the decrypted part, though. I don't actually see any of these methods as being significantly better than the others -- i think they all have some inherent ugliness. So i'm fine with going with method A as Jamie chose it and has it working. But i wanted to see if anyone had strong arguments in favor of the other methods (or if there are other --decrypt methods we could use, for that matter) --dkg
Description: OpenPGP digital signature
_______________________________________________ notmuch mailing list email@example.com http://notmuchmail.org/mailman/listinfo/notmuch