From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id A118C6DE0297 for ; Sun, 22 Oct 2017 16:28:20 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.017 X-Spam-Level: X-Spam-Status: No, score=-0.017 tagged_above=-999 required=5 tests=[AWL=-0.017] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yS8k7X5L8LMD for ; Sun, 22 Oct 2017 16:28:19 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTP id BC0CF6DE024A for ; Sun, 22 Oct 2017 16:28:19 -0700 (PDT) Received: from fifthhorseman.net (ool-6c3a0662.static.optonline.net [108.58.6.98]) by che.mayfirst.org (Postfix) with ESMTPSA id ACDC0F99E for ; Sun, 22 Oct 2017 19:28:18 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id 8EB132041B; Sun, 22 Oct 2017 19:28:15 -0400 (EDT) From: Daniel Kahn Gillmor To: Notmuch Mail Subject: BUG: emacs: fcc duplicates messages with variant bodies due to mml security Date: Sun, 22 Oct 2017 19:28:12 -0400 Message-ID: <87k1zm225v.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 22 Oct 2017 23:28:20 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable I'm concerned that notmuch-emacs is causing variant messages of encrypted/signed messages to be generated. In particular, if notmuch-fcc-dirs is not nil, two variants of the message bodies will be created: one will be sent through "notmuch insert" and the other will be sent to sendmail. the mml security modes (e.g. "#secure method=3Dpgpmime mode=3Dsign" (in angle brackets)) take place after this bifurcation. The result for a signed message is: * the message sent to "notmuch insert" has one cryptographic signature * the message sent to sendmail has a different cryptographic signature, in particular if it is made more than 1 second later (some signature algorithms will produce identical signatures if made in the same second) You can try this out by: 0) put ignore-cache-for-signing in ~/.gnupg/gpg-agent.conf 1) run "gpgconf --kill gpg-agent" to ensure the config is re-read 2) send yourself a signed message with message-id $mid. =20 3) Pull it back in however you receive mail, and then: diff -u $(notmuch search --output=3Dfiles "id:$mid") If the messages were more than 1 second apart, you'll see the signature part differs. The result for an encrypted message is: * the message sent to "notmuch insert" is encrypted with one session key * the message sent to sendmail is encrypted with a different session key So the entire body of the message will be different. I'm currently working around this by setting notmuch-fcc-dirs to nil, and setting message-send-mail-hook to (dkg-notmuch-fcc), which is defined as: (defun dkg-notmuch-fcc () (shell-command-on-region (point-min) (point-max) "notmuch insert")) this takes advantage of message-send-mail-hook's late-send. as the documentation for that var says: This hook is run very late -- just before the message is sent as mail. But this isn't something normal users should need to do manually. Any emacs gurus want to propose a way to improve the situation? i'm at a bit of a loss. --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEOCdgUepHf6PklTkyFJitxsGSMjcFAlntKYwACgkQFJitxsGS Mje/3Q//Y6GMLGlztrgki92nnJJtg9Pu/q+ex8aJq5Z1uzVhV7AmGY9RF+ZeSNrA ZscjnxZIUcrRqijb6xYH11kKXK47eaodESPeVNlx20MYVqAINVj2Md4hUzV8bzEy sN3gTTAFA6zwFdJ3kJvg6GeDoCEF0ZLdG/HhuZuNZs9AKpf8pkGAt+31oxIxTiMD elxvqgX9GZrqMuH28G57YI8BPwiRWQntUDX3YcCB4ifpCJcmJ3pZ0PDQWergfVCP kDrEF6pCef1hvFolq3WA3xaf9NiGiJ1gD2sBKMVHM4HhsJmsUMkyW5lX1asjqOZ+ 7FYgmu8keuHdRiqUp3qjOjUtHKta89+TMMS47AXW767GnjHbHaaMlP6hXWpfs+0V ANTLGObIX40ge0177ZUm6i5B7M4CpaKvddmAdwEwnV/yv9QVbu/8JdJCBdqGjDKq Dr3cspoBHR8RB1+EHeswJZVawAxJREwpc9Pu04qSnz1u4RwTBZWLel4QSMPlKe// 3IKCf4OOmNKaBVCHnyQteWcoLi1JmA69UHv04WP+g37e1BrO/VYCFrninVYzMjH6 KV1i68h3I9c+QJrLyTXq0z0gQ27PPOPywO0L8pwGZlzKUJ7ehOiMkqdCYXqNVMlV jUIbxc13e9G1HEaN110gVbPmxT9HWIkrbDea5rerm2/MF6kQMqw= =EE6l -----END PGP SIGNATURE----- --=-=-=--