From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by arlo.cworth.org (Postfix) with ESMTP id A8E886DE1300 for ; Mon, 3 Jun 2019 06:38:01 -0700 (PDT) X-Virus-Scanned: Debian amavisd-new at cworth.org X-Spam-Flag: NO X-Spam-Score: -0.199 X-Spam-Level: X-Spam-Status: No, score=-0.199 tagged_above=-999 required=5 tests=[AWL=0.002, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=disabled Received: from arlo.cworth.org ([127.0.0.1]) by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vC47XRtv2KvB for ; Mon, 3 Jun 2019 06:38:00 -0700 (PDT) Received: from che.mayfirst.org (che.mayfirst.org [162.247.75.118]) by arlo.cworth.org (Postfix) with ESMTPS id 9F5BC6DE105D for ; Mon, 3 Jun 2019 06:38:00 -0700 (PDT) DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1559569079; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=a4dSTk1QywDRRCVD3XSr22WgaIr2ssBXvxcngQGMX+Y=; b=Q0WhPC+DT1CJE5u3uVrS9te/1k4KiI8iUA+Q0vyiKyDJFAKalAO0H6Na y9dmuGUR6eM3wU/y4R/FlRkJ5wTpDA== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1559569079; h=from : to : subject : in-reply-to : references : date : message-id : mime-version : content-type : from; bh=a4dSTk1QywDRRCVD3XSr22WgaIr2ssBXvxcngQGMX+Y=; b=xYQ22sbmaZFYmZshqP/8aU5tHCPQSIGmwrN/VzdvB2BElDrtdvK+lh4G buw9U34low8LfAXXYCoZ1SSwuIsTntTuGpWeH6d05ycv0BBHkEz3vnIowK Zd1P8uWqX9BDN7LY6u+lXbOmsECBSRHhjX8jaG48XdtU/ja1vcT6wdvQ0C pAsw3OziNyQgj/rc9RDZhG3GqF1jgJ0NPwpu8gCIS8h7ijDh1R0QBbtk2v bH6siI8USo3CnIa4Do0uWbT3JG89Ap+Ry2059sWRKdOtUbB8BBBnN+wWjI c87N+ia+JuEA5EwVW2RezJWMj8sFglC8hZIHDDmH+QUKJKyt+EeYmQ== Received: from fifthhorseman.net (unknown [38.109.115.130]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id D8702F99D; Mon, 3 Jun 2019 09:37:26 -0400 (EDT) Received: by fifthhorseman.net (Postfix, from userid 1000) id F1C4620437; Mon, 3 Jun 2019 09:17:13 -0400 (EDT) From: Daniel Kahn Gillmor To: =?utf-8?Q?=C3=96rjan?= Ekeberg , Ralph Seichter , notmuch@notmuchmail.org Subject: Re: feature request: caching message arrival time In-Reply-To: <87v9xnt5as.fsf@swing.csc.kth.se> References: <8736kuhtky.fsf@fifthhorseman.net> <875zpppevs.fsf@ra.horus-it.com> <87tvd9gw5w.fsf@fifthhorseman.net> <87v9xnt5as.fsf@swing.csc.kth.se> Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEXEK/AhYJKwYBBAHaRw8BAQdAr/gSROcn+6m8ijTN0DV9AahoHGafy52RRkhCZVwxhEe0K0Rh bmllbCBLYWhuIEdpbGxtb3IgPGRrZ0BmaWZ0aGhvcnNlbWFuLm5ldD6ImQQTFggAQQIbAQUJA8Jn AAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBMS8Lds4zOlkhevpwvIGkReQOOXGBQJcQsbzAhkB AAoJEPIGkReQOOXG4fkBAO1joRxqAZY57PjdzGieXLpluk9RkWa3ufkt3YUVEpH/AP9c+pgIxtyW +FwMQRjlqljuj8amdN4zuEqaCy4hhz/1DbgzBFxCv4sWCSsGAQQB2kcPAQEHQERSZxSPmgtdw6nN u7uxY7bzb9TnPrGAOp9kClBLRwGfiPUEGBYIACYWIQTEvC3bOMzpZIXr6cLyBpEXkDjlxgUCXEK/ iwIbAgUJAeEzgACBCRDyBpEXkDjlxnYgBBkWCAAdFiEEyQ5tNiAKG5IqFQnndhgZZSmuX/gFAlxC v4sACgkQdhgZZSmuX/iVWgD/fCU4ONzgy8w8UCHGmrmIZfDvdhg512NIBfx+Mz9ls5kA/Rq97vz4 z48MFuBdCuu0W/fVqVjnY7LN5n+CQJwGC0MIA7QA/RyY7Sz2gFIOcrns0RpoHr+3WI+won3xCD8+ sVXSHZvCAP98HCjDnw/b0lGuCR7coTXKLIM44/LFWgXAdZjm1wjODbg4BFxCv50SCisGAQQBl1UB BQEBB0BG4iXnHX/fs35NWKMWQTQoRI7oiAUt0wJHFFJbomxXbAMBCAeIfgQYFggAJhYhBMS8Lds4 zOlkhevpwvIGkReQOOXGBQJcQr+dAhsMBQkB4TOAAAoJEPIGkReQOOXGe/cBAPlek5d9xzcXUn/D kY6jKmxe26CTws3ZkbK6Aa5Ey/qKAP0VuPQSCRxA7RKfcB/XrEphfUFkraL06Xn/xGwJ+D0hCw== Date: Mon, 03 Jun 2019 09:17:13 -0400 Message-ID: <87muiyhkpy.fsf@fifthhorseman.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha512; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 03 Jun 2019 13:38:01 -0000 --=-=-= Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable On Mon 2019-06-03 10:57:15 +0200, =C3=96rjan Ekeberg wrote: > Daniel Kahn Gillmor writes: > >> So Autocrypt defines the "effective date" of a message as the *earliest* >> of two dates: the date that the message is first seen, and the Date: >> header itself. So we want our augmented Autocrypt header ingestion >> routine to search for all other messages we know about from the sender >> that have both a later firstseen=3D property *and* a later Date: header. > > Would it be possible to use the earliest date seen in any of the > Received: headers as a safeguard against future-dated messages? Sure, assuming that you trust the closest MTA in the chain of MTAs that handed the message off to you, since an adversarial proximal MTA could manipulate all the existing Received: headers as well. But I'm a bit uncomfortable with it: this sort of protection actually opens up a new attack vector that didn't exist before -- any MTA in the chain can now make the message seem like it was actually from the *past*, just by setting its own Received: header. Technically, of course, any MTA could munge the actual Date: header as well to perform this kind of attack, but that munging would at least have the potential to be detected by anyone who cares to verify DKIM headers; but Received: headers are impossible to cover with DKIM. If there was no expense to the indexing and storage, i'd say it would be good to just go ahead and index the earliest Received: header as well, to have that data trivially available as a data point in evaluating incoming messages. But since it sounds like there's a cost (in performance and storage) that would need to be profiled, i don't know that i can say it's worth the tradeoff. Since notmuch actually knows when it recieved the message, it seems like it would be simplest (and less vulnerable to manipulation) to just record that timestamp directly. --dkg --=-=-= Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQTJDm02IAobkioVCed2GBllKa5f+AUCXPUd2QAKCRB2GBllKa5f +BZDAQD+RobjMxFyqrRmsTXsv8jvVz7xA+6sTz5i7zwIgxqKfgEA0ZExSjErDZ/h NYxoUiZbXLCz8h7kuLzJnC2i31yosAc= =whFx -----END PGP SIGNATURE----- --=-=-=--