From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: Notmuch Mail <notmuch@notmuchmail.org>
Subject: [PATCH 1/6] NEWS: cleartext indexing section includes session keys
Date: Sun, 31 Dec 2017 18:09:25 -0500 [thread overview]
Message-ID: <20171231230930.450-1-dkg@fifthhorseman.net> (raw)
These are part and parcel of the same feature, so include the overview
here.
---
NEWS | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 10752fa7..989cc405 100644
--- a/NEWS
+++ b/NEWS
@@ -43,13 +43,22 @@ Indexing cleartext of encrypted e-mails
It's now possible to include the cleartext of encrypted e-mails in
the notmuch index. This makes it possible to search your encrypted
e-mails with the same ease as searching cleartext. This can be done
- on a per-message basis with the --decrypt argument to indexing
+ on a per-message basis by passing --decrypt=true to indexing
commands (new, insert, reindex), or by default by running "notmuch
config set index.decrypt true".
- Note that the contents of the index are sufficient to roughly
- reconstruct the cleartext of the message itself, so please ensure
- that the notmuch index itself is adequately protected. DO NOT USE
+ Encrypted messages whose cleartext is indexed will typically also
+ have their session keys stashed as properties associated with the
+ message. Stashed session keys permit rapid rendering of long
+ encrypted threads, and disposal of expired encryption-capable keys.
+ If for some reason you want cleartext indexing without stashed
+ session keys, use --decrypt=nostash for your indexing commands (or
+ run "notmuch config set index.decrypt nostash"). See `index.decrypt`
+ in notmuch-config(1) for more details.
+
+ Note that stashed session keys permit reconstruction of the
+ cleartext of the encrypted message itself, and the contents of the
+ index are roughly equivalent to the cleartext as well. DO NOT USE
this feature without considering the security of your index.
Library Changes
--
2.15.1
next reply other threads:[~2017-12-31 23:09 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-12-31 23:09 Daniel Kahn Gillmor [this message]
2017-12-31 23:09 ` [PATCH 2/6] NEWS: transition n_d_add_message to n_d_index_file Daniel Kahn Gillmor
2017-12-31 23:09 ` [PATCH 3/6] NEWS: note decrypt_policy in python bindings for index_file Daniel Kahn Gillmor
2017-12-31 23:09 ` [PATCH 4/6] NEWS: notmuch {show, reply} --decrypt takes explicit argument Daniel Kahn Gillmor
2017-12-31 23:09 ` [PATCH 5/6] NEWS: document notmuch_message_remove_all_properties_with_prefix Daniel Kahn Gillmor
2017-12-31 23:09 ` [PATCH 6/6] NEWS: document notmuch-properties(7) Daniel Kahn Gillmor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20171231230930.450-1-dkg@fifthhorseman.net \
--to=dkg@fifthhorseman.net \
--cc=notmuch@notmuchmail.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).