From: Daniel Kahn Gillmor To: Notmuch Mail Subject: [PATCH 1/6] NEWS: cleartext indexing section includes session keys Date: Sun, 31 Dec 2017 18:09:25 -0500 Message-Id: <20171231230930.450-1-dkg@fifthhorseman.net> These are part and parcel of the same feature, so include the overview here. --- NEWS | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 10752fa7..989cc405 100644 --- a/NEWS +++ b/NEWS 
@@ -43,13 +43,22 @@ Indexing cleartext of encrypted e-mails It's now possible to include the cleartext of encrypted e-mails in the notmuch index. This makes it possible to search your encrypted e-mails with the same ease as searching cleartext. This can be done - on a per-message basis with the --decrypt argument to indexing + on a per-message basis by passing --decrypt=true to indexing commands (new, insert, reindex), or by default by running "notmuch config set index.decrypt true". - Note that the contents of the index are sufficient to roughly - reconstruct the cleartext of the message itself, so please ensure - that the notmuch index itself is adequately protected. DO NOT USE + Encrypted messages whose cleartext is indexed will typically also + have their session keys stashed as properties associated with the + message. Stashed session keys permit rapid rendering of long + encrypted threads, and disposal of expired encryption-capable keys. + If for some reason you want cleartext indexing without stashed + session keys, use --decrypt=nostash for your indexing commands (or + run "notmuch config set index.decrypt nostash"). See `index.decrypt` + in notmuch-config(1) for more details. + + Note that stashed session keys permit reconstruction of the + cleartext of the encrypted message itself, and the contents of the + index are roughly equivalent to the cleartext as well. DO NOT USE this feature without considering the security of your index. Library Changes -- 2.15.1
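Review bot: The closing warning paragraph tells the reader to consider "the security of your index", but the new paragraph above it says session keys are stashed "as properties associated with the message" and never states where those properties are stored. Say explicitly whether the stashed keys are kept in the index, so it is clear what has to be protected. The same warning should also be tied to the "disposal of expired encryption-capable keys" benefit. A stashed session key still decrypts its message after the secret key is gone, so disposing of the key does not end the exposure while the stash and the ciphertext both exist. One sentence to that effect next to the --decrypt=nostash option would help a reader choose between the two settings. Minor style point: `index.decrypt` is set in backticks here, while the rest of the section quotes commands with double quotes.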