From: Jani Nikula
To: Daniel Kahn Gillmor, Andrei POPESCU
Cc: notmuch@notmuchmail.org, "Kevin J. McCarthy", Stefano Zacchiroli
Subject: Re: notmuch-mutt: support for duplicate message removal
Date: Wed, 01 Aug 2012 22:18:55 +0300
Message-ID: <87d33av2sg.fsf@nikula.org>
In-Reply-To: <50196548.3030504@fifthhorseman.net>
References: <1343808582-9519-1-git-send-email-zack@upsilon.cc> <87pq7aam8n.fsf@nikula.org> <20120801162605.GA6012@sid.nuvreauspam> <50196548.3030504@fifthhorseman.net>

On Wed, 01 Aug 2012, Daniel Kahn Gillmor wrote:
> On 08/01/2012 12:26 PM, Andrei POPESCU wrote:
>> I'm at least one user that cares enough about the distinction to have
>> all list mails received via a different address, just to avoid Gmail's
>> "feature" of silently dropping my own messages received via a list.
>> IMVHO it should at least be configurable...
>
> The proposed feature could also exacerbate the previously-discussed
> attack vector [0] whereby a malicious Message-ID collision can be used
> to hide messages from the victim's mailstore.

Just to clarify, the feature proposed in this patch series does not make
the problem worse (as it would hide only fully identical messages, which
is not useful for the malicious purpose).

What I suggested [1] could indeed make notmuch-mutt as vulnerable to the
attack vector as notmuch show, and the emacs ui, currently are (but not
worse than that).

BR,
Jani.

[1] id:"87pq7aam8n.fsf@nikula.org"

>
> --dkg
>
> [0] id:87k42vrqve.fsf@pip.fifthhorseman.net
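
The distinction drawn in the message above, as an added example that is not part of the original thread or of notmuch-mutt's code: it contrasts removing duplicates by Message-ID alone with removing only fully identical messages, and adds a check that flags a Message-ID shared by messages with different content. It assumes "fully identical" means byte-identical (compared by SHA-256); the function names and the sample mailstore are constructed for illustration.

```python
import hashlib
from collections import defaultdict
from email import message_from_bytes

def message_id(raw):
    """Return the Message-ID header of a raw RFC 5322 message ('' if absent)."""
    return (message_from_bytes(raw)["Message-ID"] or "").strip()

def dedup_by_message_id(raws):
    """Keep the first message seen per Message-ID (the collision-prone policy)."""
    seen, kept = set(), []
    for raw in raws:
        mid = message_id(raw)
        if mid not in seen:
            seen.add(mid)
            kept.append(raw)
    return kept

def dedup_identical(raws):
    """Drop a message only if an earlier one is byte-for-byte identical."""
    seen, kept = set(), []
    for raw in raws:
        digest = hashlib.sha256(raw).hexdigest()
        if digest not in seen:
            seen.add(digest)
            kept.append(raw)
    return kept

def colliding_ids(raws):
    """Message-IDs carried by messages whose content differs: flag for review."""
    digests = defaultdict(set)
    for raw in raws:
        digests[message_id(raw)].add(hashlib.sha256(raw).hexdigest())
    return sorted(mid for mid, d in digests.items() if len(d) > 1)

# Constructed sample mailstore (not real mail).
def _msg(mid, sender, body):
    return f"From: {sender}\nMessage-ID: {mid}\nSubject: test\n\n{body}\n".encode()

LEGIT = _msg("<a1@example.org>", "alice@example.org", "Real announcement.")
COPY = LEGIT  # the same message delivered a second time
COLLIDING = _msg("<a1@example.org>", "other@example.net", "Unrelated filler.")
OTHER = _msg("<b2@example.org>", "bob@example.org", "Hello.")
MAILSTORE = [COLLIDING, LEGIT, COPY, OTHER]

if __name__ == "__main__":
    print(len(dedup_by_message_id(MAILSTORE)), len(dedup_identical(MAILSTORE)))
    print(colliding_ids(MAILSTORE))
```
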