From: Antoine Beaupré
To: Notmuch list
Cc: dkg@fifthhorseman.net, dme@dme.org
Subject: revisiting Autocrypt in notmuch, MVP
Organization: Debian
Date: Wed, 26 Apr 2023 12:10:09 -0600
Message-ID: <87mt2utszi.fsf@angela.anarc.at>

Hi!

I'm giving an OpenPGP training this week, which I haven't done in
ages. A lot has changed since then: keyservers are basically dead (or
have changed significantly), WKD and Autocrypt exist and are supported
out of the box by Thunderbird, which simplifies a lot of things.

While testing out Thunderbird, I realized I wasn't sending out autocrypt
headers. I find those headers really precious, as they allow me to TOFU
users when they send me encrypted email. I have a rough hack to parse
incoming email and manually import them in my keyring:

https://gitlab.com/anarcat/scripts/-/blob/dd898332c4e6c829fd18455fe3f1bbbee37e9551/autocrypt-key-import

That used to be a complicated Python program, but it turns out that
sequoia directly supports parsing those headers! So it's now this
one-liner:

    sq autocrypt decode | gpg --import

So I have a basic MVP (minimal viable product) for importing keys. But
what about *sending* keys, i.e. embedding keys in outgoing messages?

Well, this (and parsing incoming keys too, obviously) is something that
was discussed before:

https://nmbug.notmuchmail.org/nmweb/show/20210221152132.2302112-1-dme%40dme.org

That discussion somewhat died out as dkg suggested to fix the problem
more broadly, and things stalled there.

And while autocrypt has a nice beautiful and brilliant spec that does
everything, that's not what I'm looking at right now. And I don't think
it's productive to block in this way at this point.

So I made a bespoke implementation that just calls out to sequoia (and
yes, also gpg, hopefully one day the latter can just go away) to insert
autocrypt headers to outgoing mail. Here's the implementation:

https://gitlab.com/anarcat/emacs-d/-/blob/354fabad24100f69310dd16a0d30ac3bd96d7244/notmuch-config.el#L14-31

It's brittle, but it works for my case.

I don't think this is something that can be merged as-is in notmuch. It
depends on gnupg and sequoia, and it's probably incorrect as far as the
Autocrypt spec is concerned (in particular it doesn't use a UID to
fingerprint map), but this all seems like things could be improved.

So that's what I got. I hope that helps! :)

a.

-- 
Those who do not know history are condemned to relive it.
                        - Karl Marx