From: Ruben Pollan <meskio@sindominio.net>
To: micah anderson <micah@riseup.net>
Cc: notmuch@notmuchmail.org
Subject: Re: indexing encrypted messages (was: OpenPGP support)
Date: Sun, 10 Jan 2010 13:42:59 +0100 [thread overview]
Message-ID: <20100110124259.GK15677@blackspot> (raw)
In-Reply-To: <873a2gbd09.fsf@lillypad.riseup.net>
[-- Attachment #1: Type: text/plain, Size: 1883 bytes --]
On 14:41, Fri 08 Jan 10, micah anderson wrote:
> On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan <meskio@sindominio.net> wrote:
> > On 15:56, Fri 08 Jan 10, martin f krafft wrote:
> > > How about indexing GPG-encrypted messages?
> >
> > I think that would be security hole. You should not store the
> > encrypted messages on a decrypted database. A solution whould be to
> > encrypt as well the xapian DB, but I think is too complex for the use.
>
> Would you consider it a security hole if you stored your database on
> encrypted media (such as on-disk block encryption)?
No, in this case should be not a security hole. But anyway what is secure and
what not should be defined by the user. For some users may not be a security
hole to store the email decrypted.
But I think notmuch by default should not do so. This kind of things should be
something that the user activate by hand knowing what she is doing.
> I know that sup does this, when it ran over my mail store, it would
> trigger my gpg agent so that it could decrypt the encrypted
> messages. This was annoying because this happened every time it ran,
> which meant that unless I had used gpg recently, my agent would pop up
> and ask me for my passphrase, which was often.
I didn't use sup. Don't know how it works. But that feature is technically
possible. As I said before in my personal opinion that should not be the
out-of-the-box behavior.
> The way Mutt provides this functionality is by decrypting only when you
> perform the search itself.
Yes, but notmuch can not do that. notmuch indexes the messages and mutt not.
--
Rubén Pollán | jabber:meskio@jabber.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Lo hago para no volverme loco cuando noto
que solo me queda un demonio en un hombro
por que se ha cortado las venas
el ángel que había en el otro.
[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 198 bytes --]
next prev parent reply other threads:[~2010-01-10 12:40 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-11-23 13:00 OpenPGP support Jameson Graef Rollins
2009-11-26 6:01 ` Jameson Graef Rollins
2009-11-26 7:08 ` Aneesh Kumar K. V
2009-11-26 18:31 ` Jameson Graef Rollins
2009-11-26 19:12 ` Carl Worth
2010-01-08 2:56 ` indexing encrypted messages (was: OpenPGP support) martin f krafft
2010-01-08 8:09 ` Mike Hommey
2010-01-08 9:12 ` martin f krafft
2010-01-08 9:21 ` Ruben Pollan
2010-01-08 10:24 ` martin f krafft
2010-01-08 19:41 ` micah anderson
2010-01-10 12:42 ` Ruben Pollan [this message]
2010-01-08 10:37 ` James Westby
2010-01-14 10:03 ` Olly Betts
2009-11-26 18:41 ` OpenPGP support Carl Worth
2009-11-26 23:01 ` Keith Packard
2009-11-28 4:06 ` Carl Worth
2009-11-29 19:44 ` Jameson Graef Rollins
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20100110124259.GK15677@blackspot \
--to=meskio@sindominio.net \
--cc=micah@riseup.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).