unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed
* Protected Headers (2nd major revision, more testing!)
@ 2019-05-26 22:15 Daniel Kahn Gillmor
  2019-05-26 22:15 ` [PATCH v2 01/17] cli/show: emit headers after emitting body Daniel Kahn Gillmor
                   ` (19 more replies)
  0 siblings, 20 replies; 47+ messages in thread
From: Daniel Kahn Gillmor @ 2019-05-26 22:15 UTC (permalink / raw)
  To: Notmuch Mail

Hi all--

Way back in id:20180511055544.13676-1-dkg@fifthhorseman.net, i
proposed support for protected headers (in particular, for being able
to read and search for subject lines of encrypted messages which
protect the Subject).  Although that series was reviewed by Bremner, i
never managed to get it in shape for merging.

This is a revision of that series, applied against the current master,
having taken into account those reviews and the current state of the
notmuch codebase.  I'm hoping that we can get it into 0.29 before the
feature freeze.

The major change since the earlier version is that i've dropped the
proposed --protected-subject flag for "notmuch reply".  An MUA that
wants to reply to an encrypted message needs to keep a lot of state
active during message composition, including the fact that it was a
reply to an encrypted message, and so forth.  It needs to know that if
the user switches encryption off or on during message composition (for
whatever reason, like adding a Cc to someone for whom we don't have
keys, or discovering that some of the recipients keys are no longer
valid), it needs to think about whether the subject line is stripped
or not actively, and passing a simple --protected-subject flag to
"notmuch reply" during the initial setup of message composition is
insufficient for that purpose.  So this series doesn't pretend to
handle that case directly -- clients will need to consider it
themselves.

See the message in commit "cli/reply: ensure encrypted Subject: line
does not leak in the clear" for more thoughts about what a reasonable
replying MUA might do.

This series also (like its earlier incarnation) doesn't get all the
way to the point of generating encrypted or signed messages that
protect their Subject lines.  That might require some e-lisp hackery
that i haven't done; or it might be best solved by a "notmuch deliver"
outbound message handler (which is also work i haven't done). Or maybe
there's some other better solution that i haven't thought of yet.  I
welcome discussion and suggestions along those lines.

The other thing this series does not do is to expose information about
the protected headers through the library or the python bindings.  I
think the pieces are in place to make that happen, but I have not
considered the API deeply enough to take a concrete attempt.  Again,
suggestions (and patches) welcome!

However, despite the above-mentioned limitations, this series delivers
a concrete improvement: users of notmuch can now read, index, and
search for the subject lines of encrypted messages sent from MUAs like
Enigmail and K-9 mail.

Also: please don't be scared of the length of this series.  Although
there are 17 patches, the distinct majority of them are extensions to
the test suite, to make sure that we cover weird corner cases between
the MIME spec and this now-common form of header protection.

As always, review, feedback, critique, and patches are welcome.

Happy Hacking,

   --dkg

^ permalink raw reply	[flat|nested] 47+ messages in thread
[parent not found: <87d0k3643o.fsf@caltech.edu.net>]

end of thread, other threads:[~2021-12-23 11:57 UTC | newest]

Thread overview: 47+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-05-26 22:15 Protected Headers (2nd major revision, more testing!) Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 01/17] cli/show: emit headers after emitting body Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 02/17] util/crypto: add information about the payload part Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 03/17] test: new test framework to compare json parts Daniel Kahn Gillmor
2019-05-27  9:56   ` David Bremner
2019-05-27 17:31     ` Rollins, Jameson
2019-05-27 20:34     ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 21:30       ` Daniel Kahn Gillmor
2019-05-28  0:09         ` Rollins, Jameson
2019-05-27 18:35   ` [PATCH v3] " Rollins, Jameson
2019-05-26 22:15 ` [PATCH v2 04/17] cli/show: add tests for viewing protected headers Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 05/17] cli/show: emit payload subject instead of outside subject Daniel Kahn Gillmor
2019-05-26 22:15 ` [PATCH v2 06/17] cli/show: add information about which headers were protected Daniel Kahn Gillmor
2019-05-27 10:12   ` David Bremner
2019-05-27 17:34     ` Rollins, Jameson
2019-05-27 17:59       ` David Bremner
2019-05-27 20:40     ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 22:18       ` Daniel Kahn Gillmor
2019-05-27 20:43     ` [PATCH v2 " Daniel Kahn Gillmor
2019-05-27 22:14     ` [PATCH v4 " Daniel Kahn Gillmor
2019-05-28 11:10       ` David Bremner
2019-05-28 22:39         ` Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 07/17] test: add test for missing external subject Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 08/17] test: show cryptographic envelope information for signed mails Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 09/17] cli/reply: ensure encrypted Subject: line does not leak in the clear Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 10/17] indexing: record protected subject when indexing cleartext Daniel Kahn Gillmor
2019-05-27 10:24   ` David Bremner
2019-05-27 21:17     ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 22:35       ` Daniel Kahn Gillmor
2019-05-27 21:25     ` _notmuch_database_log vs _notmuch_database_log_append [was: Re: [PATCH v2 10/17] indexing: record protected subject when indexing cleartext] Daniel Kahn Gillmor
2019-05-27 22:40     ` [PATCH v4 10/17] indexing: record protected subject when indexing cleartext Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 11/17] test: protected headers should work when both encrypted and signed Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 12/17] test: after reindexing, only legitimate protected subjects are searchable Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 13/17] test: try indexing nested messages and protected headers Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 14/17] test: ensure that protected headers appear in notmuch-emacs search as expected Daniel Kahn Gillmor
2019-05-27 20:21   ` Rollins, Jameson
2019-05-27 21:58     ` [PATCH v3 " Daniel Kahn Gillmor
2019-05-27 22:02     ` stitching threads (v3 14/17) Daniel Kahn Gillmor
2021-12-23 11:57       ` David Bremner
2019-05-26 22:16 ` [PATCH v2 15/17] test: emacs/show: ensure that protected headers appear as expected Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 16/17] test: reply (in cli and emacs) should protect indexed sensitive headers Daniel Kahn Gillmor
2019-05-26 22:16 ` [PATCH v2 17/17] cli/reply: pull proposed subject line from the message, not the index Daniel Kahn Gillmor
2019-05-27 20:22 ` Protected Headers (2nd major revision, more testing!) Rollins, Jameson
2019-05-27 22:49 ` Daniel Kahn Gillmor
2019-05-29 11:44 ` David Bremner
2019-05-29 17:31   ` Daniel Kahn Gillmor
     [not found] <87d0k3643o.fsf@caltech.edu.net>
2019-05-27 21:35 ` [PATCH v3 14/17] test: ensure that protected headers appear in notmuch-emacs search as expected Daniel Kahn Gillmor

Code repositories for project(s) associated with this public inbox

	https://yhetil.org/notmuch.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).