From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 1C694431FBC for ; Mon, 7 Apr 2014 22:25:40 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8yvYU9CFhoS for ; Mon, 7 Apr 2014 22:25:34 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by olra.theworths.org (Postfix) with ESMTP id 7F45A431FB6 for ; Mon, 7 Apr 2014 22:25:34 -0700 (PDT) Received: from [10.21.9.0] (unknown [107.19.144.191]) by che.mayfirst.org (Postfix) with ESMTPSA id F178DF984; Tue, 8 Apr 2014 01:25:29 -0400 (EDT) Message-ID: <53438849.5050500@fifthhorseman.net> Date: Tue, 08 Apr 2014 01:25:29 -0400 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Icedove/24.3.0 MIME-Version: 1.0 To: Mark Walters , Jeremy Nickurak , Jameson Graef Rollins Subject: Re: Feature suggestion. Indexing encrypted mail? References: <86k3b3ybo6.fsf@someserver.somewhere> <878urj1z3j.fsf@maritornes.cs.unb.ca> <87txa7pp8z.fsf@servo.finestructure.net> <20140406091516.GG26903@vilya.m0g.net> <5341D252.90405@fifthhorseman.net> <867g71y327.fsf@someserver.somewhere> <87ob0dnndk.fsf@servo.finestructure.net> <87d2gsonne.fsf@qmul.ac.uk> In-Reply-To: <87d2gsonne.fsf@qmul.ac.uk> X-Enigmail-Version: 1.6+git0.20140323 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="4p2obPrRGNinEIx9HTBAme48kKMKT2cLR" Cc: Notmuch Mailing List , Daniel Kahn Gillmor X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 08 Apr 2014 05:25:40 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --4p2obPrRGNinEIx9HTBAme48kKMKT2cLR Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 04/07/2014 05:06 PM, Mark Walters wrote: > I think it is worse that that: I think (from what people said on irc > some time ago) that the index contains the word and the position of tha= t > word so essentially the whole message can be reconstructed from the > index. Agree with Mark here, the warnings around such a feature should clearly say "this stores a cleartext equivalent of your message in the notmuch index." Even if the index weren't structured in this way, modern natural language processing techniques and a plausible training corpus should be able to come very close to the original cleartext message, so it should be treated as such. fwiw, the workflow i outlined should make it so that users can receive all messages encrypted; when they read each encrypted message, they get a choice about whether to store a cleartext-equivalent in their notmuch index. (note of course that it's possible to store your notmuch index on an encrypted filesystem itself, for a different flavor of confidentiality protection for the data once it's come to rest). This per-message decision mechanism lets a thoughtful user make that tradeoff on a piecemeal basis (it also allows for blanket (mis)judgement, of course). There are certainly some messages that one might never want store in a cleartext index, while other messages might be less sensitive to exposure while being more valuable to the user if stored in a well-indexed, searchable local archive. I think this is a feature worth having, despite the warning labels it probably needs. --dkg --4p2obPrRGNinEIx9HTBAme48kKMKT2cLR Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 Comment: Using GnuPG with Icedove - http://www.enigmail.net/ iQJ8BAEBCgBmBQJTQ4hJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcK28QAOK8pEoQ6Cn6ZsplytoPZOky 5qgP739i6YZVpgOOjfSDoWSuBSR1ItqketnKJSZ0O8b4q0HGXsBDbIvMf5QSlO4U 7zXg3B2nO2VGXo9JfPvTvX0vaTdbQXK8RJSIkRsFnD/IXAaqGk3L2NvspQnsrLXi h55l5DAzEag2g1X4MrIziVGd6dIVxBPWQLLWsJtl742G9iVSThc8E9JFRgt3KpPw KdHH7+3rFCjpNUJTCVGdOzKzjad03lBA3dxNPo77Hc8VRIYRxj9Z0H2XcAwYFXSK Fji2Gh7T3U//u4HBbLGyr7KgHBMupUj5XU+cz7HMeL+ZKUHhm/VD4hUY40yCrzkz xIX84Srnr5U6dds22Aw7v1lYJdYwNzeCc15gIRmlH0C0wg3s36dufsD58r3dr+Eh zAHcqivJZgoYbR1xj7+MyFL4f9AMUsy9aohZ4veZIs4Xv4AtdBVjyXSD8W+b1aRC fL3iiLAn0u7SeNEj8vwQXGnXHmn/RjWzv08Uv3/Uow1s8edAl9UDlnpqajMbMsIU 3bfPJeV57B4uNYyv6G/vaplzHZnOKZr+snMqUdNK/QOsY29Zdi6L0rjMR+R0GjFB Kbmt6JC1FrPyawyVPtrOW63cx8XqnrrkTaWICeciwqYHTtrJoT337+KDak2Zqb8V RMh4aP6QeC96WvEYEJ5U =qxWp -----END PGP SIGNATURE----- --4p2obPrRGNinEIx9HTBAme48kKMKT2cLR--