From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id A536B6DE020E for ; Wed, 9 May 2018 14:55:00 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.021 X-Spam-Level: X-Spam-Status: No, score=-0.021 tagged_above=-999 required=5 tests=[AWL=-0.021, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id jWOXCLgpCgRB for ; Wed, 9 May 2018 14:55:00 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id D74226DE0203 for ; Wed, 9 May 2018 14:54:59 -0700 (PDT) Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id E4740F99D for ; Wed, 9 May 2018 17:54:57 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id CE46E20268; Wed, 9 May 2018 17:53:54 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: Re: cope with inline PGP encrypted messages In-Reply-To: <20171212071553.6440-1-dkg@fifthhorseman.net> References: <20171212071553.6440-1-dkg@fifthhorseman.net> Date: Wed, 09 May 2018 17:53:54 -0400 Message-ID: <877eoclclp.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 09 May 2018 21:55:00 -0000 On Tue 2017-12-12 01:15:48 -0500, Daniel Kahn Gillmor wrote: > Inline PGP encrypted messages are clearly worse than PGP/MIME > structured encrypted messages. There are no standards for how they > are formed, and they don't offer any structured metadata about how to > interpret the bytestream produced by decrypting them. > > However, some other MUAs and end-user workflows may make creation of > inline PGP encrypted messages the only available option for message > encryption, and when Notmuch encounters such a message, it should make > a reasonable best-effort to render the cleartext to the user. Jamie Rollins points out that I need to think more about some of the security implications of this patch series, so i'd prefer to withdraw it from consideration for notmuch at the moment. i'd say it's a WIP but really not ready for general consumption. Not sure how to best represent that in nmbug -- but for now i've removed notmuch::needs-review and added notmuch::wip. bremner, let me know if you think i should have done something different. I do think that we need to come up with *some* way of letting people read messages with inline PGP encrypted chunks in them safely. Otherwise, notmuch users will resort to dirty tricks (because they want to read the mail), and those dirty tricks will possibly be worse than anything we come up with. But higher-priority issues are drawing my attention right now, and i don't want this series to distract from them. --dkg