Header encryption / memoryhole

Header encryption / memoryhole

[Varac]

[-- Attachment #1: Type: text/plain, Size: 630 bytes --]

Hi,

I'd like to know the state of header encryption support for
notmuch (aka memoryhole) [1].
Since enigmail 2.0 is able to encrypt certain mail headers like
subject i.e. if GPG-encryption is used, more and more mails
show up in my mailbox with the subject "Encrypted message".
That's great, people adopt it!

The "Implementations" sections of [1] says:

"notmuch: Memory Hole for parsing is under development, notmuch doesn't generate 
emails."

Can somebody please clarify the state here please ?
It would be great if notmuch could support it.

Greetings, Varac

[1] https://github.com/autocrypt/memoryhole

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJawmE0AAoJEFRl5354du0E8SAQANItyzjebT6X8Jkm09jStd3T
DWIVrsjUL6pUo+6r4cD1CYE6sYtXmEUuWAgFs7mxRuwpMZ2Oe/bI85XWW5KQPw4f
8Rf0PV7Y8cx6O5Y+8Kmx/jiDz+DFh7yWLeaUAZAXFRIFVVsFpGQdVDteaFwyK2vE
xnpLutRuppghX1SKG0o8ChDR92nIM0H4Lir7vCOMHraRQZ019HVDv9h/CoPfdYEG
S1S0/Yu0o5L7DspoY58+qsRtDiaMkmxPV0LeeVh/iy9gxQ0GfZic+UVmDCA0ByNs
Jcw+tgUI6BdyLLwsP6+V0oHa+LKF0M6h3frnIJD1m6u2zQbITM1OEEUuoC0hRUbh
3rXESSXDUN+v6ZK7ktbBfO5lT273K+q0Kw8pvBPTcjBYpCeb6lliXrRUKPK9MrvV
CWdJQMQHwmDyzxSYSrfK/7yvPQuonfGriDnn7nI3TCPYL9EJVT2gtifSB2LMX4Vd
etmDVq5KkgBDTXwz38LqEMRDm0Ohvb1Su3UTQBGfZqE7jByODLBfsvNdPV2of6hw
IOiukpcyTiCLOZ8yT0Ek6uBCfYEKTJ/YxcEiw83EzAAkPLIgFdnWmkQEQM44t6r1
CvKt7K2MJt7qWoRYu0G+PHNf9LSU34YtL5E+zA2/7ZffpqGKY866fmzbFmvoi7lD
0JjMWHK8SLT/5T3nMed7
=Dk59
-----END PGP SIGNATURE-----

Header protection / memoryhole [was: Re: Header encryption / memoryhole]

[Daniel Kahn Gillmor]

[-- Attachment #1: Type: text/plain, Size: 1449 bytes --]

On Mon 2018-04-02 18:58:28 +0200, Varac wrote:

> I'd like to know the state of header encryption support for
> notmuch (aka memoryhole) [1].

"memoryhole" refers to "protected headers", not just encrypted headers.
That is, the headers can be protected both by cryptographic signature
*and* by encryption.  This is a subtlety, but probably worth getting
right as we work on documentation and implementations.

This is on my list of things to work on for notmuch, but i'd be happy if
someone else beat me to it.  clearly i've taken too long to get this
done.

fwiw, memory-hole messages do display successfully in all versions of
notmuch i'm aware of, but they do so by rendering the "force-display"
part.  so notmuch currently uses the fallback arrangements as explicitly
intended by the original memoryhole draft.

as i see it, the steps are (in order):

 * handle encrypted subject correctly during message display time if the
   message is being decrypted.
 
 * handle encrypted subject specifically during message decryption at
   indexing time, storing it the correct subject field, instead of
   storing the "outside" subject.

 * suppress display of any "force-display" part during message display
   time.

 * handle any other cryptographically-protected headers during display
   and indexing.

 * generate protected headers when encrypting mail.


i welcome help with any of these steps :)

  --dkg

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 227 bytes --]

Re: Header protection / memoryhole [was: Re: Header encryption / memoryhole]

[Varac]

[-- Attachment #1: Type: text/plain, Size: 1642 bytes --]

Hi Daniel,

Thanks for clarifying!

Greetings, Varac


Quoting Daniel Kahn Gillmor (2018-04-08 23:18:34)
> On Mon 2018-04-02 18:58:28 +0200, Varac wrote:
> 
> > I'd like to know the state of header encryption support for
> > notmuch (aka memoryhole) [1].
> 
> "memoryhole" refers to "protected headers", not just encrypted headers.
> That is, the headers can be protected both by cryptographic signature
> *and* by encryption.  This is a subtlety, but probably worth getting
> right as we work on documentation and implementations.
> 
> This is on my list of things to work on for notmuch, but i'd be happy if
> someone else beat me to it.  clearly i've taken too long to get this
> done.
> 
> fwiw, memory-hole messages do display successfully in all versions of
> notmuch i'm aware of, but they do so by rendering the "force-display"
> part.  so notmuch currently uses the fallback arrangements as explicitly
> intended by the original memoryhole draft.
> 
> as i see it, the steps are (in order):
> 
>  * handle encrypted subject correctly during message display time if the
>    message is being decrypted.
>  
>  * handle encrypted subject specifically during message decryption at
>    indexing time, storing it the correct subject field, instead of
>    storing the "outside" subject.
> 
>  * suppress display of any "force-display" part during message display
>    time.
> 
>  * handle any other cryptographically-protected headers during display
>    and indexing.
> 
>  * generate protected headers when encrypting mail.
> 
> 
> i welcome help with any of these steps :)
> 
>   --dkg

[-- Attachment #2: signature --]
[-- Type: application/pgp-signature, Size: 801 bytes --]

-----BEGIN PGP SIGNATURE-----

iQIcBAABCgAGBQJayz8vAAoJEFRl5354du0EfXIP/1RMV0QteRrAuM9amCwSzoiq
oCGKu0nU3ZpXE8D1/5rvIa4n1e/26xXh8uOJlSx8Bq9J3mZ+2tq5Ev+vPm8wVc6M
xs64pC/IF1Ver4IBYdogDZuV/QIkZllrxQYjqeERYRb44W1Idzj38YSCayp9bijG
Kg6r4WzxS3vz+syqz8PjADqfkMqu+e5X2UBvg+//A9u1Bq8qHHvE5KlkDrKngqbj
oXI3YVgeRt91IEO6o12HxvdBWK7lEc3rWXtrndQiBQaNGzCW4M5Tkriy/W3Z3crF
IK+wCK3rTRJ/yQemv3s7JsumKuVHRlX5qMlnARFO7u+jt5Gk86t3Zxr8ysFoQpOX
UQkcSDeZ5SClKbSoXjy+JCquc5nqsnJwDA0rg3v70at289qfVs3+wT//uk/ZB3Cb
wsKkqrgo3bJ5hhpdAM9hbeUF/X1/7m/lfTfSb1Ghbr5b8YBFhE7RQLJF8pOjA2kY
Izf7He5oCMBt0zSUxny0g7fh0P+I6WgLXi5TCDZEnfNsdXJpCW3IhczK1dIw40/6
r0W4CkHjduQM95QChox+LVqN1dEzgSIxtNoMSOSqTd/bEQzblnYXIJNgAMCq/vSB
4FxunqCiWl9V7OaWR4VE9NdrzOLQi1+vohwALTQ3FTQXPyUHaSCSVvLw/BXySAI+
Mq7WewrPTS0KP2+zmw0o
=8eXr
-----END PGP SIGNATURE-----