Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
On Tue, Jun 19 2018, Daniel Kahn Gillmor wrote: > This is looking good to me, thanks! > > two more bits of nit-pickery below: > > On Tue 2018-06-19 08:20:12 -0700, Jameson Graef Rollins wrote: >> +(defcustom notmuch-show-stash-session-keys nil >> + "Should session keys be stashed when decrypting messages for display? >> + >> +If this variable is non-nil session keys recovered while >> +decrypting messages for display will be stored in the database. >> +See description of --decrypt option in notmuch-show(1) for more >> +information. > > do we want to include a warning here about the security of the index? > setting this value to true not only stashes the session keys, but it > also indexes the cleartext. at the moment we're not directing people to > the same kind of warnings ("Be aware that the index… DO NOT USE … > without considering the security of your index.") that are present > already in notmuch-reindex(1) and notmuch-new(1) and notmuch-insert(1). > Perhaps notmuch-show(1) needs the same boilerplate warning, and we could > replicate some short version of it here too? I was wondering if it would make sense to have a separate man page for describing all the intricacies of notmuch's crypto functionality, i.e. notmuch-crypto(7). There's going to be a lot of redundancy/boilerplate in all the different man pages, and it seems like it would be useful to put it all in one place and just reference it from all the others. This could also be a good place to describe how protected headers are handled, and autocrypt once we finally get around to implementing it. >> +NOTE: Stashing encryption session keys requires opening the >> +notmuch database in read/write mode, which is not normally done > > i'd say "not otherwise done" instead of "not normally done", since we > don't want to claim that people who use this feature aren't "normal" :) But the claim wouldn't not be true! I'll push another (five copies of a new) version. jamie. signature.asc Description: PGP signature ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
This is looking good to me, thanks! two more bits of nit-pickery below: On Tue 2018-06-19 08:20:12 -0700, Jameson Graef Rollins wrote: > +(defcustom notmuch-show-stash-session-keys nil > + "Should session keys be stashed when decrypting messages for display? > + > +If this variable is non-nil session keys recovered while > +decrypting messages for display will be stored in the database. > +See description of --decrypt option in notmuch-show(1) for more > +information. do we want to include a warning here about the security of the index? setting this value to true not only stashes the session keys, but it also indexes the cleartext. at the moment we're not directing people to the same kind of warnings ("Be aware that the index… DO NOT USE … without considering the security of your index.") that are present already in notmuch-reindex(1) and notmuch-new(1) and notmuch-insert(1). Perhaps notmuch-show(1) needs the same boilerplate warning, and we could replicate some short version of it here too? > +NOTE: Stashing encryption session keys requires opening the > +notmuch database in read/write mode, which is not normally done i'd say "not otherwise done" instead of "not normally done", since we don't want to claim that people who use this feature aren't "normal" :) --dkg signature.asc Description: PGP signature ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
On Tue, Jun 19 2018, Jameson Graef Rollins wrote: > Introduce notmuch-show-store-session-keys customization variable to > control stashing of session keys. If non-nil any session keys > recovered during decryption will be stored in the database. > > This is just a switch to have --decrypt= use "stash" instead of > "true". > --- > Gah forgot to update the commit message. Sorry. Sorry, this is the one to use, since I messed up the commit message on the first. So sorry for all the screw ups. jamie. ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
[PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
Introduce notmuch-show-store-session-keys customization variable to control stashing of session keys. If non-nil any session keys recovered during decryption will be stored in the database. This is just a switch to have --decrypt= use "stash" instead of "true". --- Gah forgot to update the commit message. Sorry. emacs/notmuch-crypto.el | 15 +++ emacs/notmuch-query.el | 4 +++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/emacs/notmuch-crypto.el b/emacs/notmuch-crypto.el index fc2b5301..26ce19b4 100644 --- a/emacs/notmuch-crypto.el +++ b/emacs/notmuch-crypto.el @@ -43,6 +43,21 @@ mode." :package-version '(notmuch . "0.25") :group 'notmuch-crypto) +(defcustom notmuch-show-stash-session-keys nil + "Should session keys be stashed when decrypting messages for display? + +If this variable is non-nil session keys recovered while +decrypting messages for display will be stored in the database. +See description of --decrypt option in notmuch-show(1) for more +information. + +NOTE: Stashing encryption session keys requires opening the +notmuch database in read/write mode, which is not normally done +when retrieving messages for display." + :type 'boolean + :package-version '(notmuch . "0.28") + :group 'notmuch-crypto) + (defface notmuch-crypto-part-header 'class color) (background dark)) diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el index 563e4acf..e53c9489 100644 --- a/emacs/notmuch-query.el +++ b/emacs/notmuch-query.el @@ -32,7 +32,9 @@ is a possibly empty forest of replies. " (let ((args '("show" "--format=sexp" "--format-version=4"))) (if notmuch-show-process-crypto - (setq args (append args '("--decrypt=true" +(if notmuch-show-stash-session-keys +(setq args (append args '("--decrypt=stash"))) + (setq args (append args '("--decrypt=true") (setq args (append args search-terms)) (apply #'notmuch-call-notmuch-sexp args))) -- 2.17.1 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
[PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
Introduce notmuch-crypto-store-session-keys customization variable to control stashing of session keys. If non-nil any session keys recovered during decryption will be stored in the database. This is just a switch to have --decrypt= use "stash" instead of "true". --- emacs/notmuch-crypto.el | 15 +++ emacs/notmuch-query.el | 4 +++- 2 files changed, 18 insertions(+), 1 deletion(-) diff --git a/emacs/notmuch-crypto.el b/emacs/notmuch-crypto.el index fc2b5301..26ce19b4 100644 --- a/emacs/notmuch-crypto.el +++ b/emacs/notmuch-crypto.el @@ -43,6 +43,21 @@ mode." :package-version '(notmuch . "0.25") :group 'notmuch-crypto) +(defcustom notmuch-show-stash-session-keys nil + "Should session keys be stashed when decrypting messages for display? + +If this variable is non-nil session keys recovered while +decrypting messages for display will be stored in the database. +See description of --decrypt option in notmuch-show(1) for more +information. + +NOTE: Stashing encryption session keys requires opening the +notmuch database in read/write mode, which is not normally done +when retrieving messages for display." + :type 'boolean + :package-version '(notmuch . "0.28") + :group 'notmuch-crypto) + (defface notmuch-crypto-part-header 'class color) (background dark)) diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el index 563e4acf..e53c9489 100644 --- a/emacs/notmuch-query.el +++ b/emacs/notmuch-query.el @@ -32,7 +32,9 @@ is a possibly empty forest of replies. " (let ((args '("show" "--format=sexp" "--format-version=4"))) (if notmuch-show-process-crypto - (setq args (append args '("--decrypt=true" +(if notmuch-show-stash-session-keys +(setq args (append args '("--decrypt=stash"))) + (setq args (append args '("--decrypt=true") (setq args (append args search-terms)) (apply #'notmuch-call-notmuch-sexp args))) -- 2.17.1 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
On Tue, Jun 19 2018, David Bremner wrote: > I'm fine with whatever you and dkg decide for a name, but note that the > customization group is independent from the name; you just choose > whatever group you want in the defcustom. Oh, I didn't realize that. I thought they were linked. In that case I'll go with: notmuch-show-store-session-keys signature.asc Description: PGP signature ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
Jameson Graef Rollins writes: > On Mon, Jun 18 2018, Daniel Kahn Gillmor wrote: >> This looks like it would work, but calling it >> notmuch-crypto-store-session-keys is a bit confusing, because based on >> the name it looks like it would apply to many places (e.g. during >> message sending, should a session key be stored when the outbound >> message is fcc'ed?), but based on the implementation it only matters >> during "show". >> >> Should its name be notmuch-show-store-session-keys instead? > > I feel like it should be under the notmuch-crypto customization group, > not notmuch-show. notmuch-crypto-show-store-session-keys ? > I'm fine with whatever you and dkg decide for a name, but note that the customization group is independent from the name; you just choose whatever group you want in the defcustom. d ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
On Mon, Jun 18 2018, Daniel Kahn Gillmor wrote: > how about: > > notmuch-crypto-store-session-keys-on-show Works for me. ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
On Mon 2018-06-18 15:49:45 -0700, Jameson Graef Rollins wrote: > On Mon, Jun 18 2018, Daniel Kahn Gillmor wrote: > >> Should its name be notmuch-show-store-session-keys instead? > > I feel like it should be under the notmuch-crypto customization group, > not notmuch-show. notmuch-crypto-show-store-session-keys ? how about: notmuch-crypto-store-session-keys-on-show ? --dkg ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
On Mon, Jun 18 2018, Daniel Kahn Gillmor wrote: > This looks like it would work, but calling it > notmuch-crypto-store-session-keys is a bit confusing, because based on > the name it looks like it would apply to many places (e.g. during > message sending, should a session key be stored when the outbound > message is fcc'ed?), but based on the implementation it only matters > during "show". > > Should its name be notmuch-show-store-session-keys instead? I feel like it should be under the notmuch-crypto customization group, not notmuch-show. notmuch-crypto-show-store-session-keys ? > also, i think the description of the variable setting should be clearer > about its scope, and about the implications of setting it to non-nil > (e.g. needing read/write access to the notmuch db to view all messages) I will clarify the docs once we decide on variable name. jamie. signature.asc Description: PGP signature ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
thanks for working on this, Jamie! On Sun 2018-06-17 17:31:38 -0700, Jameson Graef Rollins wrote: > Introduce notmuch-crypto-store-session-keys customization variable to > control stashing of session keys. If non-nil any session keys > recovered during decryption will be stored in the database. > > This is just a switch to have --decrypt= use "stash" instead of > "true". > --- > This seems like the simplest approach, to just add a new variable to > control session key stashing. Much simpler that reworking the meaning > of notmuch-crypto-process-mime. This looks like it would work, but calling it notmuch-crypto-store-session-keys is a bit confusing, because based on the name it looks like it would apply to many places (e.g. during message sending, should a session key be stored when the outbound message is fcc'ed?), but based on the implementation it only matters during "show". Should its name be notmuch-show-store-session-keys instead? also, i think the description of the variable setting should be clearer about its scope, and about the implications of setting it to non-nil (e.g. needing read/write access to the notmuch db to view all messages) --dkg signature.asc Description: PGP signature ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch
[PATCH] emacs: new crypto customization variable to control stashing of encryption session keys
Introduce notmuch-crypto-store-session-keys customization variable to control stashing of session keys. If non-nil any session keys recovered during decryption will be stored in the database. This is just a switch to have --decrypt= use "stash" instead of "true". --- This seems like the simplest approach, to just add a new variable to control session key stashing. Much simpler that reworking the meaning of notmuch-crypto-process-mime. emacs/notmuch-crypto.el | 10 ++ emacs/notmuch-query.el | 4 +++- 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/emacs/notmuch-crypto.el b/emacs/notmuch-crypto.el index fc2b5301..e1943f53 100644 --- a/emacs/notmuch-crypto.el +++ b/emacs/notmuch-crypto.el @@ -43,6 +43,16 @@ mode." :package-version '(notmuch . "0.25") :group 'notmuch-crypto) +(defcustom notmuch-crypto-store-session-keys nil + "Should session keys from decrypted messages be stored in database? + +If this variable is non-nil session keys recovered from decrypted +messages will be stored in the database. See notmuch-show(1) for +more information." + :type 'boolean + :package-version '(notmuch . "0.28") + :group 'notmuch-crypto) + (defface notmuch-crypto-part-header 'class color) (background dark)) diff --git a/emacs/notmuch-query.el b/emacs/notmuch-query.el index 563e4acf..3e6bc8b1 100644 --- a/emacs/notmuch-query.el +++ b/emacs/notmuch-query.el @@ -32,7 +32,9 @@ is a possibly empty forest of replies. " (let ((args '("show" "--format=sexp" "--format-version=4"))) (if notmuch-show-process-crypto - (setq args (append args '("--decrypt=true" +(if notmuch-crypto-store-session-keys +(setq args (append args '("--decrypt=stash"))) + (setq args (append args '("--decrypt=true") (setq args (append args search-terms)) (apply #'notmuch-call-notmuch-sexp args))) -- 2.17.1 ___ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch