Re: [notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-14 Thread Olly Betts
On 2010-01-08, James Westby wrote:
> That would leave an open question over whether future notmuch show
> invocations would return the plaintext or ciphertext. If it is the
> latter then it requires decrypting every time you want to view it, but
> it does mean that there is less information leakage (you could find out
> whether an encrypted message contained a particular term, but not read
> the whole message directly).

You can actually use the term position information to reconstruct the
original message text pretty well.  It misses capitalisation, punctuation,
and distinctions between whitespace, but is generally enough to allow
the message to be understood:


notmuch mailing list
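The reconstruction Olly Betts describes, as an added example that is not part of the original post and does not use notmuch's or Xapian's own code: a plain-Python stand-in for a positional index, next to the same index with positions dropped. The sample text, the function names and the simple tokenizer (no stemming or term prefixes) are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample standing in for the decrypted body of an encrypted mail.
PLAINTEXT = ("Meet me at the north gate at noon. "
             "Bring the signed contract, not a copy.")


def index_with_positions(text):
    """Build term -> [positions], the shape of a positional postings list."""
    postings = defaultdict(list)
    tokens = re.findall(r"[a-z0-9]+", text.lower())
    for pos, term in enumerate(tokens, start=1):
        postings[term].append(pos)
    return dict(postings)


def index_terms_only(text):
    """Same terms with positions discarded: term lookup works, phrase
    search does not, and word order cannot be recovered."""
    return set(index_with_positions(text))


def reconstruct(postings):
    """Invert the postings: put each term back at every position it held."""
    slots = {}
    for term, positions in postings.items():
        for pos in positions:
            slots[pos] = term
    return " ".join(slots[p] for p in sorted(slots))


if __name__ == "__main__":
    # Positional index: the message comes back minus case and punctuation.
    print(reconstruct(index_with_positions(PLAINTEXT)))
    # Position-free index: only an unordered vocabulary is exposed.
    print(sorted(index_terms_only(PLAINTEXT)))
```

An index that stores positions should therefore be protected like the plaintext itself, while a position-free index still answers "does this message contain term X".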

Re: [notmuch] indexing encrypted messages (was: OpenPGP support)

2010-01-10 Thread Ruben Pollan
On 14:41, Fri 08 Jan 10, micah anderson wrote:
> On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan wrote:
>> On 15:56, Fri 08 Jan 10, martin f krafft wrote:
>>> How about indexing GPG-encrypted messages?
>> I think that would be a security hole. You should not store the
>> encrypted messages on a decrypted database. A solution would be to
>> encrypt the xapian DB as well, but I think it is too complex for the use.
> Would you consider it a security hole if you stored your database on
> encrypted media (such as on-disk block encryption)?

No, in this case it should not be a security hole. But anyway, what is secure and
what is not should be defined by the user. For some users it may not be a security
hole to store the email decrypted.

But I think notmuch by default should not do so. This kind of thing should be
something that the user activates by hand, knowing what she is doing.

> I know that sup does this, when it ran over my mail store, it would
> trigger my gpg agent so that it could decrypt the encrypted
> messages. This was annoying because this happened every time it ran,
> which meant that unless I had used gpg recently, my agent would pop up
> and ask me for my passphrase, which was often.

I didn't use sup. I don't know how it works. But that feature is technically
possible. As I said before, in my personal opinion that should not be the
out-of-the-box behavior.

> The way Mutt provides this functionality is by decrypting only when you
> perform the search itself.

Yes, but notmuch cannot do that. notmuch indexes the messages and mutt does not.

Rubén Pollán  |
I do it so as not to go mad when I notice
that I have only one demon left on one shoulder
because the angel that was on the other
has slit its wrists.
