On Thu 2016-06-02 14:21:44 -0400, Mark Walters wrote: > There was some discussion on irc yesterday about a better way of > postponing message when using the emacs frontend. I think getting a > moderately nice interface should be quite easy (see below) but there are > some corner cases on what *should* happen that I would like to resolve > before trying to implement anything.
one other corner case worth thinking about here (it can probably be
postponed until we have base cases handled, but i wanted to bring it up)
is how per-message cryptographic operations (mml-secure-*) interact with
drafts.
In particular, i think that any sort of message signing should *not*
happen during saving of a draft, but the intent to sign should be
preserved. That is, we should save and restore the #secure tag when
saving a draft or restoring a draft, but the saved draft itself should
*not* be signed.
for encryption, i have a different (and arguably opposite) intuition.
if the sender has the ability to *decrypt* mails, i'd argue that saving
a draft should encrypt the draft, regardless of the draft's stated
intent to encrypt.
These cases matter because i know many people use tools like
offline-imap to sync their mail store with a remote mailserver.
if the remote mailserver can get a copy of the signed draft, it could
replay it (effectively making use of an unintentional signature).
Likewise, if the user doesn't think about encrypting a message until
they're they're ready to send it, then an intermediate/draft version of
the message might end up in cleartext on the remote server.
--dkg
signature.asc
Description: PGP signature
_______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
