From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id 493A76DE0B7C for ; Mon, 11 Dec 2017 23:18:17 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.027 X-Spam-Level: X-Spam-Status: No, score=-0.027 tagged_above=-999 required=5 tests=[AWL=-0.027] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hgyL9CZszll1 for ; Mon, 11 Dec 2017 23:18:16 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id B5CD36DE0243 for ; Mon, 11 Dec 2017 23:18:16 -0800 (PST) Received: from fifthhorseman.net (unknown [38.109.115.130]) by che.mayfirst.org (Postfix) with ESMTPSA id 5BE6CF99A for ; Tue, 12 Dec 2017 02:18:16 -0500 (EST) Received: by fifthhorseman.net (Postfix, from userid 1000) id 3F2D320739; Tue, 12 Dec 2017 02:18:13 -0500 (EST) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: cope with inline PGP encrypted messages Date: Tue, 12 Dec 2017 02:15:48 -0500 Message-Id: <20171212071553.6440-1-dkg@fifthhorseman.net> X-Mailer: git-send-email 2.15.1 X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Dec 2017 07:18:17 -0000 Inline PGP encrypted messages are clearly worse than PGP/MIME structured encrypted messages. There are no standards for how they are formed, and they don't offer any structured metadata about how to interpret the bytestream produced by decrypting them. However, some other MUAs and end-user workflows may make creation of inline PGP encrypted messages the only available option for message encryption, and when Notmuch encounters such a message, it should make a reasonable best-effort to render the cleartext to the user. Due to ambiguities in interpretation of signatures on inline messages (e.g. which parts of the message were actually signed? what character encoding should the bytestream be interpreted as), we continue to ignore inline-signed messages entirely, and we do not look at the validity of any signatures that might be found when decrypting inline PGP encrypted messages. We make use here of GMime's optimization function for detecting the presence of inline PGP encrypted content, which is only found in GMime 3.0 or later. This series is currently based n top of the "notmuch show --decrypt=stash" series, which it needs to be able to apply cleanly. If that series proves controversial, i could rebase this patch manually against some earlier commit. If you have applied this series, and you know you have some inline PGP messages already in your message store, you can try to retroactively reindex them with something like: notmuch reindex --decrypt=true BEGIN-PGP-MESSAGE and not tag:encrypted I welcome review and feedback about this series. --dkg