[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-14 Thread Olly Betts 
On 2010-01-08, James Westby wrote:
> That would leave an open question over whether future notmuch show
> invocations would return the plaintext or ciphertext. If it is the
> latter then it requires decrypting every time you want to view it, but
> it does mean that there is less information leakage (you could find out
> whether an encrypted message contained a particular term, but not read
> the whole message directly).

You can actually use the term position information to reconstruct the
original message text pretty well.  It misses capitalisation, punctuation,
and distinctions between whitespace, but is generally enough to allow
the message to be understood:

http://article.gmane.org/gmane.comp.search.xapian.general/2187

Cheers,
Olly

Re: [notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-14 Thread Olly Betts 
On 2010-01-08, James Westby wrote:
 That would leave an open question over whether future notmuch show
 invocations would return the plaintext or ciphertext. If it is the
 latter then it requires decrypting every time you want to view it, but
 it does mean that there is less information leakage (you could find out
 whether an encrypted message contained a particular term, but not read
 the whole message directly).

You can actually use the term position information to reconstruct the
original message text pretty well.  It misses capitalisation, punctuation,
and distinctions between whitespace, but is generally enough to allow
the message to be understood:

http://article.gmane.org/gmane.comp.search.xapian.general/2187

Cheers,
Olly

___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-10 Thread Ruben Pollan 
On 14:41, Fri 08 Jan 10, micah anderson wrote:
> On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan  
> wrote:
> > On 15:56, Fri 08 Jan 10, martin f krafft wrote:
> > > How about indexing GPG-encrypted messages?
> > 
> > I think that would be security hole. You should not store the
> > encrypted messages on a decrypted database. A solution whould be to
> > encrypt as well the xapian DB, but I think is too complex for the use.
> 
> Would you consider it a security hole if you stored your database on
> encrypted media (such as on-disk block encryption)?

No, in this case should be not a security hole. But anyway what is secure and
what not should be defined by the user. For some users may not be a security
hole to store the email decrypted.

But I think notmuch by default should not do so. This kind of things should be
something that the user activate by hand knowing what she is doing.

> I know that sup does this, when it ran over my mail store, it would
> trigger my gpg agent so that it could decrypt the encrypted
> messages. This was annoying because this happened every time it ran,
> which meant that unless I had used gpg recently, my agent would pop up
> and ask me for my passphrase, which was often.

I didn't use sup. Don't know how it works. But that feature is technically
possible. As I said before in my personal opinion that should not be the 
out-of-the-box behavior.

> The way Mutt provides this functionality is by decrypting only when you
> perform the search itself.

Yes, but notmuch can not do that. notmuch indexes the messages and mutt not.



-- 
Rub?n Poll?n  | jabber:meskio at jabber.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Lo hago para no volverme loco cuando noto
que solo me queda un demonio en un hombro
por que se ha cortado las venas
el ?ngel que hab?a en el otro.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL:

Re: [notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-10 Thread Ruben Pollan 
On 14:41, Fri 08 Jan 10, micah anderson wrote:
 On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan mes...@sindominio.net wrote:
  On 15:56, Fri 08 Jan 10, martin f krafft wrote:
   How about indexing GPG-encrypted messages?
  
  I think that would be security hole. You should not store the
  encrypted messages on a decrypted database. A solution whould be to
  encrypt as well the xapian DB, but I think is too complex for the use.
 
 Would you consider it a security hole if you stored your database on
 encrypted media (such as on-disk block encryption)?

No, in this case should be not a security hole. But anyway what is secure and
what not should be defined by the user. For some users may not be a security
hole to store the email decrypted.

But I think notmuch by default should not do so. This kind of things should be
something that the user activate by hand knowing what she is doing.

 I know that sup does this, when it ran over my mail store, it would
 trigger my gpg agent so that it could decrypt the encrypted
 messages. This was annoying because this happened every time it ran,
 which meant that unless I had used gpg recently, my agent would pop up
 and ask me for my passphrase, which was often.

I didn't use sup. Don't know how it works. But that feature is technically
possible. As I said before in my personal opinion that should not be the 
out-of-the-box behavior.

 The way Mutt provides this functionality is by decrypting only when you
 perform the search itself.

Yes, but notmuch can not do that. notmuch indexes the messages and mutt not.



-- 
Rubén Pollán  | jabber:mes...@jabber.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Lo hago para no volverme loco cuando noto
que solo me queda un demonio en un hombro
por que se ha cortado las venas
el ángel que había en el otro.


signature.asc
Description: Digital signature
___
notmuch mailing list
notmuch@notmuchmail.org
http://notmuchmail.org/mailman/listinfo/notmuch

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-08 Thread martin f krafft 
also sprach Ruben Pollan  [2010.01.08.2221 +1300]:
> I think that would be security hole. You should not store the
> encrypted messages on a decrypted database. A solution whould be
> to encrypt as well the xapian DB, but I think is too complex for
> the use.

As I said in <20100108091216.GC735 at lapse.rw.madduck.net>, I think it
should be optionally possible for those that are encrypting the
xapian DB in other ways.

> You should be still able, with the actual notmuch, to search over
> the headers of your encrypted messages, or any other non-encrypted
> part of the message. Is not like that?

Most of the time, I search headers, but I do search bodies
regularly. So no, that would not be enough, at least not with the
ideal solution. And notmuch comes close to ideal already! ;)

-- 
martin | http://madduck.net/ | http://two.sentenc.es/

infinite loop: see 'loop, infinite'.
loop, infinite: see 'infinite loop'.

spamtraps: madduck.bogus at madduck.net
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
URL:

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-08 Thread martin f krafft 
also sprach Mike Hommey  [2010.01.08.2109 +1300]:
> That may leak decrypted form in the xapian index, though in
> a split manner. But that'd still be a problem IMHO.

Not for me, since the index is stored on encrypted media. Thus, this
should be off-by-default, but possible.

-- 
martin | http://madduck.net/ | http://two.sentenc.es/

"academia is really just a way to help those with high volumes of
 nothing to say to social status."
 -- myself on #debian-devel, 01 Feb 2007

spamtraps: madduck.bogus at madduck.net
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
URL:

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-08 Thread martin f krafft 
also sprach Jameson Graef Rollins  
[2009.11.26.1901 +1300]:
> I would really like to start using notmuch with emacs beyond just
> testing, but I really need to be able to handle/read/send mail with
> PGP/MIME encoded attachments.  Do folks have any suggestions on how to
> handle this?  Is there a separate emacs mode that people use for
> signing/verifying/{de,en}crypting mail buffers, or is this something
> that is going to have to be integrated into the notmuch mode?  I guess
> the notmuch-show mode at least will need to do some verifying and
> decrypting.

How about indexing GPG-encrypted messages?

-- 
martin | http://madduck.net/ | http://two.sentenc.es/

"a scientist once wrote that all truth passes through three stages:
 first it is ridiculed, then violently opposed and eventually,
 accepted as self-evident."
   -- schopenhauer

spamtraps: madduck.bogus at madduck.net
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature (see http://martin-krafft.net/gpg/)
URL:

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-08 Thread micah anderson 
On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan  
wrote:
> On 15:56, Fri 08 Jan 10, martin f krafft wrote:
> > How about indexing GPG-encrypted messages?
> 
> I think that would be security hole. You should not store the
> encrypted messages on a decrypted database. A solution whould be to
> encrypt as well the xapian DB, but I think is too complex for the use.

Would you consider it a security hole if you stored your database on
encrypted media (such as on-disk block encryption)?

I know that sup does this, when it ran over my mail store, it would
trigger my gpg agent so that it could decrypt the encrypted
messages. This was annoying because this happened every time it ran,
which meant that unless I had used gpg recently, my agent would pop up
and ask me for my passphrase, which was often.

The way Mutt provides this functionality is by decrypting only when you
perform the search itself.

micah
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 835 bytes
Desc: not available
URL:

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-08 Thread James Westby 
On Fri, 8 Jan 2010 15:56:10 +1300, martin f krafft  
wrote:
> also sprach Jameson Graef Rollins  
> [2009.11.26.1901 +1300]:
> > I would really like to start using notmuch with emacs beyond just
> > testing, but I really need to be able to handle/read/send mail with
> > PGP/MIME encoded attachments.  Do folks have any suggestions on how to
> > handle this?  Is there a separate emacs mode that people use for
> > signing/verifying/{de,en}crypting mail buffers, or is this something
> > that is going to have to be integrated into the notmuch mode?  I guess
> > the notmuch-show mode at least will need to do some verifying and
> > decrypting.
> 
> How about indexing GPG-encrypted messages?

I think the difficulty will be interactivity. If notmuch-new can
potentially block watiting for a passphrase then it's not going to be
much use for non-interactive use, and whether someone can respond to a
GPG prompt is harder to determine that isatty().

Configuration may be a possible way around that, but looking at other
things such as opportunistic indexing could be good. For instance,
it could be the job of the UIs to decrypt content, and there could be a
nomuch function which takes a message id and decrypted content and
indexes it in to the DB. That means it's under the UI's control, where
the decryption UI should be, gets you indexing of encrypted content.

That would leave an open question over whether future notmuch show
invocations would return the plaintext or ciphertext. If it is the
latter then it requires decrypting every time you want to view it, but
it does mean that there is less information leakage (you could find out
whether an encrypted message contained a particular term, but not read
the whole message directly).

Thanks,

James

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-08 Thread Ruben Pollan 
On 15:56, Fri 08 Jan 10, martin f krafft wrote:
> How about indexing GPG-encrypted messages?

I think that would be security hole. You should not store the encrypted messages
on a decrypted database. A solution whould be to encrypt as well the xapian DB,
but I think is too complex for the use.

You should be still able, with the actual notmuch, to search over the headers 
of 
your encrypted messages, or any other non-encrypted part of the message. Is not
like that?

-- 
Rub?n Poll?n  | jabber:meskio at jabber.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
 Cuando los que mandan pierden la verg?enza,
los que obedecen pierden el respeto.
-- next part --
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL:

[notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-08 Thread Mike Hommey 
On Fri, Jan 08, 2010 at 03:56:10PM +1300, martin f krafft wrote:
> also sprach Jameson Graef Rollins  
> [2009.11.26.1901 +1300]:
> > I would really like to start using notmuch with emacs beyond just
> > testing, but I really need to be able to handle/read/send mail with
> > PGP/MIME encoded attachments.  Do folks have any suggestions on how to
> > handle this?  Is there a separate emacs mode that people use for
> > signing/verifying/{de,en}crypting mail buffers, or is this something
> > that is going to have to be integrated into the notmuch mode?  I guess
> > the notmuch-show mode at least will need to do some verifying and
> > decrypting.
> 
> How about indexing GPG-encrypted messages?

That may leak decrypted form in the xapian index, though in a split
manner. But that'd still be a problem IMHO.

Mike