From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id A98206DE014D for ; Tue, 14 Nov 2017 06:27:17 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.001 X-Spam-Level: X-Spam-Status: No, score=-0.001 tagged_above=-999 required=5 tests=[AWL=0.010, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 20m39IeRabBg for ; Tue, 14 Nov 2017 06:27:17 -0800 (PST) Received: from fethera.tethera.net (fethera.tethera.net [198.245.60.197]) by arlo.cworth.org (Postfix) with ESMTPS id 037066DE010F for ; Tue, 14 Nov 2017 06:27:16 -0800 (PST) Received: from remotemail by fethera.tethera.net with local (Exim 4.89) (envelope-from ) id 1eEcBH-0002vK-OY; Tue, 14 Nov 2017 09:27:15 -0500 Received: (nullmailer pid 5505 invoked by uid 1000); Tue, 14 Nov 2017 14:27:08 -0000 From: David Bremner To: Daniel Kahn Gillmor , Notmuch Mail Subject: Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys In-Reply-To: <87k1ytx8qu.fsf@fifthhorseman.net> References: <20171025065203.24403-1-dkg@fifthhorseman.net> <20171025065203.24403-6-dkg@fifthhorseman.net> <87o9o59f5b.fsf@tethera.net> <87k1ytx8qu.fsf@fifthhorseman.net> Date: Tue, 14 Nov 2017 10:27:08 -0400 Message-ID: <87375h6imb.fsf@tesseract.cs.unb.ca> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Nov 2017 14:27:17 -0000 Daniel Kahn Gillmor writes: > On Tue 2017-11-14 09:13:52 -0400, David Bremner wrote: >> Daniel Kahn Gillmor writes: >> >>> If you've got a notmuch dump that includes stashed session keys for >>> every decrypted message, and you've got your message archive, you >>> should be able to get back to the same index that you had before. >> >> Out of curiousity, have you given any thought to what happens when >> someone sends a message with the same message-id but a different >> session-key? it seems like the user can potentially lose access to the >> encrypted message. > > yep! I even have that case in my own mailbox due to messages i've sent > to schleuder encrypted mailing lists to which i'm also subscribed. > > It works fine. notmuch stashes both session keys against the message-id > (you can have multiple properties with the same name as long as they > have different values). And upon decryption, it tries each session-key > in succession. This is a little bit sloppy (maybe it would be less > sloppy to associate each message key with each version of the message > somehow?), but it's significantly simpler and basically unnoticeable > compared to the speedup gains provided by the rest of the series. > > --dkg Great! d