From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id E253A6DE10F9 for ; Sun, 12 Nov 2017 10:51:26 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mcVTMjP6cK_F for ; Sun, 12 Nov 2017 10:51:26 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTP id 1BAB06DE1034 for ; Sun, 12 Nov 2017 10:51:25 -0800 (PST) Received: from fifthhorseman.net (unknown [118.200.163.16]) by che.mayfirst.org (Postfix) with ESMTPSA id 3BAB0F99A; Sun, 12 Nov 2017 13:51:24 -0500 (EST) Received: by fifthhorseman.net (Postfix, from userid 1000) id 94FEC2048F; Mon, 13 Nov 2017 02:51:17 +0800 (+08) From: Daniel Kahn Gillmor To: Jameson Graef Rollins , Notmuch Mail Subject: Re: Stashed session keys In-Reply-To: <87tvy017f4.fsf@fifthhorseman.net> References: <20171025065203.24403-1-dkg@fifthhorseman.net> <87po8os887.fsf@ligo.caltech.edu> <87tvy017f4.fsf@fifthhorseman.net> Date: Mon, 13 Nov 2017 02:51:17 +0800 Message-ID: <87efp31gbe.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Type: text/plain X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 12 Nov 2017 18:51:27 -0000 On Sun 2017-11-12 11:51:11 +0800, Daniel Kahn Gillmor wrote: > On Sat 2017-11-11 15:31:36 -0800, Jameson Graef Rollins wrote: >> I haven't decided what's the best way to do that yet, but something >> like the following happening automatically at inbox view might do the >> trick: >> >> notmuch reindex --try-decrypt=true (tag:inbox AND tag:encrypted) > > This seems like a reasonable way to ensure that your long-term, personal > secret keys only get accessed when you are interactively working with > your mail user agent. > > You might be able to target the reindex even more narrowly by adding > something like "AND not property:index-decryption=success" Sorry, this should be "AND not property:index.decryption=success" --dkg