From: Jani Nikula <jani@nikula.org>
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
Andrei POPESCU <andreimpopescu@gmail.com>
Cc: notmuch@notmuchmail.org, "Kevin J. McCarthy" <kevin@8t8.us>,
Stefano Zacchiroli <zack@upsilon.cc>
Subject: Re: notmuch-mutt: support for duplicate message removal
Date: Wed, 01 Aug 2012 22:18:55 +0300 [thread overview]
Message-ID: <87d33av2sg.fsf@nikula.org> (raw)
In-Reply-To: <50196548.3030504@fifthhorseman.net>
On Wed, 01 Aug 2012, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> On 08/01/2012 12:26 PM, Andrei POPESCU wrote:
>> I'm at least one user that cares enough about the distinction to have
>> all list mails received via a different address, just to avoid Gmail's
>> "feature" of silently dropping my own messages received via a list.
>> IMVHO it should at least be configurable...
>
> The proposed feature could also exacerbate the previously-discussed
> attack vector [0] whereby a malicious Message-ID collision can be used
> to hide messages from the victim's mailstore.
Just to clarify, the feature proposed in this patch series does not make
the problem worse (as it would hide only fully identical messages, which
is not useful for the malicious purpose).
What I suggested [1] could indeed make notmuch-mutt as vulnerable to the
attack vector as notmuch show, and the emacs ui, currently are (but not
worse than that).
BR,
Jani.
[1] id:"87pq7aam8n.fsf@nikula.org"
>
> --dkg
>
> [0] id:87k42vrqve.fsf@pip.fifthhorseman.net
next prev parent reply other threads:[~2012-08-01 19:19 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-01 8:09 notmuch-mutt: support for duplicate message removal Stefano Zacchiroli
2012-08-01 8:09 ` [PATCH 1/2] Add duplicate message removal for notmuch-mutt Stefano Zacchiroli
2012-08-03 1:00 ` David Bremner
2012-08-01 8:09 ` [PATCH 2/2] debian packaging: new depends for duplicate removals in mutt contrib Stefano Zacchiroli
2012-08-01 11:24 ` notmuch-mutt: support for duplicate message removal Jani Nikula
2012-08-01 16:26 ` Andrei POPESCU
2012-08-01 17:20 ` Daniel Kahn Gillmor
2012-08-01 19:18 ` Jani Nikula [this message]
2012-08-02 7:21 ` Stefano Zacchiroli
2012-08-02 18:03 ` Jameson Graef Rollins
2012-08-02 19:20 ` Stefano Zacchiroli
2012-08-01 17:54 ` Kevin J. McCarthy
2012-08-01 19:28 ` Jani Nikula
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
List information: https://notmuchmail.org/
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d33av2sg.fsf@nikula.org \
--to=jani@nikula.org \
--cc=andreimpopescu@gmail.com \
--cc=dkg@fifthhorseman.net \
--cc=kevin@8t8.us \
--cc=notmuch@notmuchmail.org \
--cc=zack@upsilon.cc \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://yhetil.org/notmuch.git/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).