Re: cope with inline PGP encrypted messages
On Thu 2018-05-10 09:39:32 -0300, David Bremner wrote:
> Daniel Kahn Gillmor writes:
>
>> Not sure how to best
>> represent that in nmbug -- but for now i've removed
>> notmuch::needs-review and added notmuch::wip. bremner, let me know if
>> you think i should have done something different.
>
> I also marked the other two patches in the series as WIP; feel free to
> remind me they've already been reviewed if/when the whole series is
> resubmitted.

i think you marked two patches from a different series (the "notmuch show --decrypt=stash" series) as WIP. For the record, that series is not the same as this inline PGP series!

I've gone ahead and pushed a v2 of the "notmuch show --decrypt=stash" series, and removed the notmuch::wip tag from the v1 patches, so i think there's nothing to clean up now.

just wanted to make it clear that i am still pursuing "notmuch show --decrypt=stash" (i think it's ready for merge actually!) even as i take "inline PGP encryption" back to the shop for repairs.

--dkg

___
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Re: cope with inline PGP encrypted messages
Daniel Kahn Gillmor writes:

> Not sure how to best
> represent that in nmbug -- but for now i've removed
> notmuch::needs-review and added notmuch::wip. bremner, let me know if
> you think i should have done something different.

I also marked the other two patches in the series as WIP; feel free to remind me they've already been reviewed if/when the whole series is resubmitted.

d

Re: cope with inline PGP encrypted messages
On Tue 2017-12-12 01:15:48 -0500, Daniel Kahn Gillmor wrote:
> Inline PGP encrypted messages are clearly worse than PGP/MIME
> structured encrypted messages. There are no standards for how they
> are formed, and they don't offer any structured metadata about how to
> interpret the bytestream produced by decrypting them.
>
> However, some other MUAs and end-user workflows may make creation of
> inline PGP encrypted messages the only available option for message
> encryption, and when Notmuch encounters such a message, it should make
> a reasonable best-effort to render the cleartext to the user.

Jamie Rollins points out that I need to think more about some of the security implications of this patch series, so i'd prefer to withdraw it from consideration for notmuch at the moment. i'd say it's a WIP but really not ready for general consumption.

Not sure how to best represent that in nmbug -- but for now i've removed notmuch::needs-review and added notmuch::wip. bremner, let me know if you think i should have done something different.

I do think that we need to come up with *some* way of letting people read messages with inline PGP encrypted chunks in them safely. Otherwise, notmuch users will resort to dirty tricks (because they want to read the mail), and those dirty tricks will possibly be worse than anything we come up with.

But higher-priority issues are drawing my attention right now, and i don't want this series to distract from them.

--dkg

cope with inline PGP encrypted messages
Inline PGP encrypted messages are clearly worse than PGP/MIME structured encrypted messages. There are no standards for how they are formed, and they don't offer any structured metadata about how to interpret the bytestream produced by decrypting them.

However, some other MUAs and end-user workflows may make creation of inline PGP encrypted messages the only available option for message encryption, and when Notmuch encounters such a message, it should make a reasonable best-effort to render the cleartext to the user.

Due to ambiguities in interpretation of signatures on inline messages (e.g. which parts of the message were actually signed? what character encoding should the bytestream be interpreted as), we continue to ignore inline-signed messages entirely, and we do not look at the validity of any signatures that might be found when decrypting inline PGP encrypted messages.

We make use here of GMime's optimization function for detecting the presence of inline PGP encrypted content, which is only found in GMime 3.0 or later.

This series is currently based on top of the "notmuch show --decrypt=stash" series, which it needs to be able to apply cleanly. If that series proves controversial, i could rebase this patch manually against some earlier commit.

If you have applied this series, and you know you have some inline PGP messages already in your message store, you can try to retroactively reindex them with something like:

    notmuch reindex --decrypt=true BEGIN-PGP-MESSAGE and not tag:encrypted

I welcome review and feedback about this series.

--dkg
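
The distinction the cover letter draws between PGP/MIME and inline PGP content, as an added example that is not part of this thread or the patch series. It uses Python's standard `email` package rather than GMime's detection function, and the name `classify`, the labels it returns and the sample messages are assumptions made for illustration.

```python
import email
from email import policy

ENC = b"-----BEGIN PGP MESSAGE-----"
SIGNED = b"-----BEGIN PGP SIGNED MESSAGE-----"

def classify(raw: bytes) -> set:
    """Report how OpenPGP content is carried in one raw message."""
    found = set()
    for part in email.message_from_bytes(raw, policy=policy.default).walk():
        ctype = part.get_content_type()
        if (ctype == "multipart/encrypted"
                and part.get_param("protocol") == "application/pgp-encrypted"):
            found.add("pgp-mime")          # structured: RFC 3156 container
        elif ctype == "text/plain":
            # Decode the transfer encoding only; armor is ASCII, so the
            # charset is irrelevant. A header counts only as a whole line,
            # so a reply quoting a block ("> -----BEGIN ...") is not flagged.
            body = part.get_payload(decode=True) or b""
            lines = {ln.rstrip() for ln in body.splitlines()}
            if ENC in lines:
                found.add("inline-encrypted")
            if SIGNED in lines:
                found.add("inline-signed")  # the series ignores these
    return found

# Constructed sample messages (armor bodies are placeholders, not real data).
INLINE = (b"Subject: inline\n\nHi,\n\n" + ENC +
          b"\n\nPLACEHOLDER\n-----END PGP MESSAGE-----\n")
QUOTED = b"Subject: Re: inline\n\n> " + ENC + b"\n> PLACEHOLDER\n"
PGP_MIME = (b'Content-Type: multipart/encrypted; boundary="b";\n'
            b' protocol="application/pgp-encrypted"\n\n'
            b"--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
            b"--b\nContent-Type: application/octet-stream\n\n" + ENC +
            b"\n\nPLACEHOLDER\n-----END PGP MESSAGE-----\n--b--\n")

if __name__ == "__main__":
    for name, raw in (("inline", INLINE), ("quoted", QUOTED),
                      ("pgp-mime", PGP_MIME)):
        print(name, sorted(classify(raw)))
```

The armor inside the PGP/MIME sample is not reported as inline because it sits in the `application/octet-stream` part of the `multipart/encrypted` container rather than in a `text/plain` part.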