From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: cope with inline PGP encrypted messages
Date: Tue, 12 Dec 2017 02:15:48 -0500 [thread overview]
Message-ID: <20171212071553.6440-1-dkg@fifthhorseman.net> (raw)
Inline PGP encrypted messages are clearly worse than PGP/MIME
structured encrypted messages. There are no standards for how they
are formed, and they don't offer any structured metadata about how to
interpret the bytestream produced by decrypting them.
However, some other MUAs and end-user workflows may make creation of
inline PGP encrypted messages the only available option for message
encryption, and when Notmuch encounters such a message, it should make
a reasonable best-effort to render the cleartext to the user.
Due to ambiguities in interpretation of signatures on inline messages
(e.g. which parts of the message were actually signed? what character
encoding should the bytestream be interpreted as), we continue to
ignore inline-signed messages entirely, and we do not look at the
validity of any signatures that might be found when decrypting inline
PGP encrypted messages.
We make use here of GMime's optimization function for detecting the
presence of inline PGP encrypted content, which is only found in GMime
3.0 or later.
This series is currently based n top of the "notmuch show
--decrypt=stash" series, which it needs to be able to apply cleanly.
If that series proves controversial, i could rebase this patch
manually against some earlier commit.
If you have applied this series, and you know you have some inline PGP
messages already in your message store, you can try to retroactively
reindex them with something like:
notmuch reindex --decrypt=true BEGIN-PGP-MESSAGE and not tag:encrypted
I welcome review and feedback about this series.
--dkg
next reply other threads:[~2017-12-12 7:18 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-12 7:15 Daniel Kahn Gillmor [this message]
2017-12-12 7:15 ` [PATCH 1/5] crypto: prepare for decryption of inline PGP encrypted messages Daniel Kahn Gillmor
2018-04-30 11:24 ` David Bremner
2018-04-30 11:42 ` David Bremner
2018-05-01 17:42 ` Daniel Kahn Gillmor
2018-05-03 21:34 ` David Bremner
2017-12-12 7:15 ` [PATCH 2/5] cli/{show, reply}: try to decrypt " Daniel Kahn Gillmor
2017-12-12 7:15 ` [PATCH 3/5] index: tag text parts with inline PGP encryption as "encrypted" Daniel Kahn Gillmor
2017-12-12 7:15 ` [PATCH 4/5] index: _index_encrypted_mime_part returns success or failure Daniel Kahn Gillmor
2017-12-12 7:15 ` [PATCH 5/5] index: try indexing the cleartext of inline PGP encrypted text parts Daniel Kahn Gillmor
2018-05-09 21:53 ` cope with inline PGP encrypted messages Daniel Kahn Gillmor
2018-05-10 12:39 ` David Bremner
2018-05-11 17:42 ` Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171212071553.6440-1-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).