unofficial mirror of notmuch@notmuchmail.org
* Emacs: Crypto: How to get automatic encryption?
@ 2012-01-03 19:56 Gregor Zattler
  2012-01-03 21:45 ` Jameson Graef Rollins
  0 siblings, 1 reply; 22+ messages in thread
From: Gregor Zattler @ 2012-01-03 19:56 UTC (permalink / raw)
  To: Notmuch Mail

Dear notmuch developers,

I replied to a PGP/MIME signed and encrypted e-mail and was
astonished to realise that my reply was sent unencrypted (and
unsigned for that matter).

Actually the message buffer in which I write replies has Auto
Encryption Mode enabled, but nothing happens.  

Till now I investigated customisable variables for notmuch,
message mode, epg but did not find a way to tell Emacs to sign
and encrypt an e-mail if the correspondent (signed and)
encrypted her/his e-mail.  

Is this doable?   How so?

Thanks for an answer, happy new year and thanks again for notmuch, Gregor

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-03 19:56 Emacs: Crypto: How to get automatic encryption? Gregor Zattler
@ 2012-01-03 21:45 ` Jameson Graef Rollins
  2012-01-04  0:08   ` Gregor Zattler
                     ` (2 more replies)
  0 siblings, 3 replies; 22+ messages in thread
From: Jameson Graef Rollins @ 2012-01-03 21:45 UTC (permalink / raw)
  To: Gregor Zattler, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 2027 bytes --]

On Tue, 3 Jan 2012 20:56:51 +0100, Gregor Zattler <telegraph@gmx.net> wrote:
> I replied to a PGP/MIME signed and encrypted e-mail and was
> astonished to realise that my reply was sent unencrypted (and
> unsigned for that matter).

Yikes!  Sorry this happened, and I hope nothing too sensitive was
exposed.

Auto signing of outgoing mail can be enabled by the following [0]:

(add-hook 'message-setup-hook 'mml-secure-message-sign-pgpmime)

You can configure the message-setup-hook with the customization UI as
well.

Unfortunately, auto encrypting of replies to encrypted emails is not yet
implemented.  It is desperately needed, though, obviously.  So this is a
good excuse to start a discussion about how we could achieve this.

It just occurs to me that a way to do this would be to have notmuch
reply add the appropriate mml #secure tag for encryption to the output
reply template, maybe with something like a --emacs option.  That would
be pretty easy to implement, although it would obviously be very UI
specific.

Another possibility would be for notmuch reply to add some sort of
header to the reply message to indicate that the original was encrypted,
and then do something in emacs to try to read that header and add the
appropriate mml #secure tag.  That would also be easy to implement in
the notmuch CLI, and it would be more UI agnostic, but it would require
a lot more elisp.

Or maybe we could support both?

Any other suggestions?

> Actually the message buffer in which I write replies has Auto
> Encryption Mode enabled, but nothing happens.  

That's unfortunate.  Can you explain exactly how you set this up, and
how it didn't work?

> Till now I investigated customisable variables for notmuch,
> message mode, epg but did not find a way to tell Emacs to sign
> and encrypt an e-mail if the correspondent (signed and)
> encrypted her/his e-mail.  

It's actually usually mml that is used with message-mode to
sign/encrypt message, not epg.

jamie.

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-03 21:45 ` Jameson Graef Rollins
@ 2012-01-04  0:08   ` Gregor Zattler
  2012-01-04  8:36   ` David Edmondson
  2012-01-12 18:41   ` Jameson Graef Rollins
  2 siblings, 0 replies; 22+ messages in thread
From: Gregor Zattler @ 2012-01-04  0:08 UTC (permalink / raw)
  To: Jameson Graef Rollins, Gregor Zattler, Notmuch Mail

Hi Jamie, notmuch developers,
On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> On Tue, 3 Jan 2012 20:56:51 +0100, Gregor Zattler <telegraph@gmx.net> wrote:
> > I replied to a PGP/MIME signed and encrypted e-mail and was
> > astonished to realise that my reply was sent unencrypted (and
> > unsigned for that matter).
> 
> Yikes!  Sorry this happened, and I hope nothing too sensitive was
> exposed.

No :-)

> Auto signing of outgoing mail can be enabled by the following [0]:
> 
> (add-hook 'message-setup-hook 'mml-secure-message-sign-pgpmime)
> 
> You can configure the message-setup-hook with the customization UI as
> well.

I tried this and enabled mml-secure-message-encrypt-pgpmime too.
I did a test with an address I have no public key for.  I was
informed of the fact and asked if I want to skip this key.  The
result was an email encrypted only to me (I suppose it's a
sensible default to include the key of the sender in the list of
key to encrypt to), so it would be unreadable for the recipient :-(

> Unfortunately, auto encrypting of replies to encrypted emails is not yet
> implemented.  It is desperately needed, though, obviously.  So this is a
> good excuse to start a discussion about how we could achieve this.
> 
> It just occurs to me that a way to do this would be to have notmuch
> reply add the appropriate mml #secure tag for encryption to the output
> reply template, maybe with something like a --emacs option.  That would
> be pretty easy to implement, although it would obviously be very UI
> specific.
> 
> Another possibility would be for notmuch reply to add some sort of
> header to the reply message to indicate that the original was encrypted,
> and then do something in emacs to try to read that header and add the
> appropriate mml #secure tag.  That would also be easy to implement in
> the notmuch CLI, and it would be more UI agnostic, but it would require
> a lot more elisp.
> 
> Or maybe we could support both?
> 
> Any other suggestions?

I'm no developer; your second suggestion sounds more plausible
to me since notmuch is a frontend-agnostic mail system.

> > Actually the message buffer in which I write replies has Auto
> > Encryption Mode enabled, but nothing happens.  
> 
> That's unfortunate.  Can you explain exactly how you set this up, and
> how it didn't work?

Actually I did not set it up.  I tested this again with emacs23
-q ...  It has something to do with EasyPG and therefore I assume
it only works on the level of file encryption if the file
associated with the buffer ends in .pgp.  But that's a guess.


[...]
> It's actually usually mml that is used with message-mode to
> sign/encrypt message, not epg.

Thanks for your info.  Actually I'm a mutt user and I customised
mutt to opportunistically encrypt emails if I/gpg have/has public
keys for all recipients of an email.  I have no clue how to
achieve this with Emacs.

Ciao; Gregor

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-03 21:45 ` Jameson Graef Rollins
  2012-01-04  0:08   ` Gregor Zattler
@ 2012-01-04  8:36   ` David Edmondson
  2012-01-04  8:48     ` David Edmondson
  2012-01-12 18:41   ` Jameson Graef Rollins
  2 siblings, 1 reply; 22+ messages in thread
From: David Edmondson @ 2012-01-04  8:36 UTC (permalink / raw)
  To: Jameson Graef Rollins, Gregor Zattler, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 1112 bytes --]

On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> Any other suggestions?

In the function that I add to `message-send-hook' I do the following:

	(message-goto-body)
	;; If already set, don't override.
	(if (not (looking-at (regexp-quote "<#secure ")))
	    ;; If we can encrypt, do so, else just sign.
	    (if (and encrypt (dme:message-determine-encryption))
	        (insert "<#secure method=pgpmime mode=signencrypt>\n")
	      (insert "<#secure method=pgpmime mode=sign>\n"))))

Where `dme:message-determine-encryption' is:

(defun dme:message-determine-encryption ()
  "Return `t' if we have gpg public keys for all recipients of
this message."
  (require 'pgg)
  (if (not (message-news-p)) ; No encryption for news.
      (catch :exit
	(mapc
	 (lambda (addr)
	   (if (not (pgg-lookup-key (downcase (mail-strip-quoted-names addr))))
	       (throw :exit nil)))
	 (message-tokenize-header (concat
				   (message-fetch-field "to")
				   ","
				   (message-fetch-field "cc"))))
	t)
    nil))

(I'd probably re-write that to use a cl loop now - it's very old.)

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-04  8:36   ` David Edmondson
@ 2012-01-04  8:48     ` David Edmondson
  2012-01-15 22:27       ` Gregor Zattler
  0 siblings, 1 reply; 22+ messages in thread
From: David Edmondson @ 2012-01-04  8:48 UTC (permalink / raw)
  To: Jameson Graef Rollins, Gregor Zattler, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 275 bytes --]

On Wed, 04 Jan 2012 08:36:39 +0000, David Edmondson <dme@dme.org> wrote:
> 	    (if (and encrypt (dme:message-determine-encryption))

Oops. `encrypt' is set to `t' earlier if the code decides that I want to
encrypt outgoing mail (it's not set for work purposes, in essence).

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-03 21:45 ` Jameson Graef Rollins
  2012-01-04  0:08   ` Gregor Zattler
  2012-01-04  8:36   ` David Edmondson
@ 2012-01-12 18:41   ` Jameson Graef Rollins
  2012-01-12 19:05     ` Gregor Zattler
  2 siblings, 1 reply; 22+ messages in thread
From: Jameson Graef Rollins @ 2012-01-12 18:41 UTC (permalink / raw)
  To: Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 1512 bytes --]

On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> Unfortunately, auto encrypting of replies to encrypted emails is not yet
> implemented.  It is desperately needed, though, obviously.  So this is a
> good excuse to start a discussion about how we could achieve this.
> 
> It just occurs to me that a way to do this would be to have notmuch
> reply add the appropriate mml #secure tag for encryption to the output
> reply template, maybe with something like a --emacs option.  That would
> be pretty easy to implement, although it would obviously be very UI
> specific.
> 
> Another possibility would be for notmuch reply to add some sort of
> header to the reply message to indicate that the original was encrypted,
> and then do something in emacs to try to read that header and add the
> appropriate mml #secure tag.  That would also be easy to implement in
> the notmuch CLI, and it would be more UI agnostic, but it would require
> a lot more elisp.

There is a set of patches in the queue to add a JSON output format for
reply, with the emacs UI then consuming that to construct the reply
template [0].  This will make it very easy to communicate to the emacs
UI that the original message was encrypted, and that the reply should be
similarly encrypted.  I'm going to wait until that patch set makes it
through, and then build this functionality on top of that.

jamie.

[0] id:"1326009162-19524-3-git-send-email-awg+notmuch@xvx.ca"

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-12 18:41   ` Jameson Graef Rollins
@ 2012-01-12 19:05     ` Gregor Zattler
  2012-01-12 19:28       ` Jameson Graef Rollins
  2012-01-12 19:29       ` Darren McGuicken
  0 siblings, 2 replies; 22+ messages in thread
From: Gregor Zattler @ 2012-01-12 19:05 UTC (permalink / raw)
  To: notmuch

Hi Jameson,
* Jameson Graef Rollins <jrollins@finestructure.net> [12. Jan. 2012]:
> On Tue, 03 Jan 2012 13:45:14 -0800, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
>> Unfortunately, auto encrypting of replies to encrypted emails is not yet
>> implemented.  It is desperately needed, though, obviously.  So this is a
>> good excuse to start a discussion about how we could achieve this.
[...]
> There is a set of patches in the queue to add a JSON output format for
> reply, with the emacs UI then consuming that to construct the reply
> template [0].  This will make it very easy to communicate to the emacs
> UI that the original message was encrypted, and that the reply should be
> similarly encrypted.  I'm going to wait until that patch set makes it
> through, and then build this functionality on top of that.
> [0] id:"1326009162-19524-3-git-send-email-awg+notmuch@xvx.ca"


That would be really great.

But how about not only replying encrypted but encrypting every
email if possible?  "Possible" could mean different things,
though:

1) encrypt if fully trusted suitable public keys for all
   recipients are in GnuPG's key ring.

2) encrypt if suitable public keys for all recipients are in
   GnuPG's key ring.

3) try to fetch suitable public keys from server in order to
   check 2).


I for instance fiddled with my mutt configuration to achieve 1).

But I have no clue about how to do this with notmuch/Emacs.

Ciao, Gregor
-- 
 -... --- .-. . -.. ..--.. ...-.-

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-12 19:05     ` Gregor Zattler
@ 2012-01-12 19:28       ` Jameson Graef Rollins
  2012-01-12 19:29       ` Darren McGuicken
  1 sibling, 0 replies; 22+ messages in thread
From: Jameson Graef Rollins @ 2012-01-12 19:28 UTC (permalink / raw)
  To: Gregor Zattler, notmuch

[-- Attachment #1: Type: text/plain, Size: 602 bytes --]

On Thu, 12 Jan 2012 20:05:14 +0100, Gregor Zattler <telegraph@gmx.net> wrote:
> But how about not only replying encrypted but encrypting every
> email if possible?  "Possible" could mean different things,
> though:

This is already easy to do in emacs, and doesn't require any special
notmuch support:

(add-hook 'message-setup-hook 'mml-secure-message-encrypt-pgpmime)

This is the same as what I suggested for auto-sign.  You might have to
do a little elisp hacking to do fancier stuff, but again, doing
something for all outgoing mail is more about message-mode, and is not
notmuch specific.

jamie.

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-12 19:05     ` Gregor Zattler
  2012-01-12 19:28       ` Jameson Graef Rollins
@ 2012-01-12 19:29       ` Darren McGuicken
  1 sibling, 0 replies; 22+ messages in thread
From: Darren McGuicken @ 2012-01-12 19:29 UTC (permalink / raw)
  To: Gregor Zattler, notmuch

[-- Attachment #1: Type: text/plain, Size: 457 bytes --]

On Thu, 12 Jan 2012 20:05:14 +0100, Gregor Zattler <telegraph@gmx.net> wrote:
> 2) encrypt if suitable public keys for all recipients are in
>    GnuPG's key ring.
[...]
> But I have no clue about how to do this with notmuch/Emacs.

Isn't that what David provides an elisp-snippet for in
id:"cunk4576ezs.fsf@hotblack-desiato.hh.sledj.net"?

I've been using it myself since it was posted and it seems to work
according to the behaviour you desire in point 2.

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-04  8:48     ` David Edmondson
@ 2012-01-15 22:27       ` Gregor Zattler
  2012-01-17  4:48         ` Antoine Beaupré
  0 siblings, 1 reply; 22+ messages in thread
From: Gregor Zattler @ 2012-01-15 22:27 UTC (permalink / raw)
  To: David Edmondson, Jameson Graef Rollins, Gregor Zattler,
	Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 947 bytes --]

Hi David, notmuch developers,
On Wed, 04 Jan 2012 08:48:43 +0000, David Edmondson <dme@dme.org> wrote:
> On Wed, 04 Jan 2012 08:36:39 +0000, David Edmondson <dme@dme.org> wrote:
> > 	    (if (and encrypt (dme:message-determine-encryption))
> 
> Oops. `encrypt' is set to `t' earlier if the code decides that I want to
> encrypt outgoing mail (it's not set for work purposes, in essence).

Thanks for your code.  It works here too and is much appreciated.  

[Off topic: I'm working through the mime-security customisation
at the moment.  As far as I see now mime-security proposes all
ultimately trusted keys for signing and does not filter this list
of keys with the email address in the From: header.  As a mutt
user I'm used otherwise: mutt is configurable to only show a key
selection menu if there is more than one key which fits the
relevant address -- otherwise it uses this only one without
further ado.]

Ciao; Gregor

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-15 22:27       ` Gregor Zattler
@ 2012-01-17  4:48         ` Antoine Beaupré
  2012-01-17  9:19           ` David Edmondson
  2012-01-17 15:39           ` David Edmondson
  0 siblings, 2 replies; 22+ messages in thread
From: Antoine Beaupré @ 2012-01-17  4:48 UTC (permalink / raw)
  To: Gregor Zattler, David Edmondson, Jameson Graef Rollins,
	Gregor Zattler, Notmuch Mail


[-- Attachment #1.1: Type: text/plain, Size: 1446 bytes --]

Jumping in here, I have modified the previously posted code here to
provide me with a more complete solution.

With the attached code, I can:

 * automatically encrypt mails if all recipients have a *valid* public
   key. The previous patch allowed encryption if a key existed but was
   revoked, which caused a weird UX issue where the user would be
   bothered with "No public key for..."

 * not have to specify if I want to encrypt the mail or not: it is
   encrypted if possible

 * try to autodetect (by running the function directly) if the mail will
   be crypted and signed or just signed before sending

 * explicitly request the mail to be encrypted or just signed, if I
   want to, using the usual keybindings (ie. the existing #secure tags
   are respected)

So basically, this replaces the common hook:

(add-hook 'message-setup-hook 'mml-secure-sign-pgpmime)

with this:

(add-hook 'message-send-hook 'anarcat/message-set-encryption)

The rationale behind this technique is that the setup-hook runs when
recipients are not yet defined so it will always set the mail to be only
signed, even though your final recipients should be crypted. 

An alternative would be for notmuch to prompt the To: header before
setting up the buffer ("à la" Mutt), but I didn't feel like going that
way.

Code is attached. Obviously, those function names would change if they
were to be integrated into notmuch. ;)


[-- Attachment #1.2: notmuch-opportunistic.el --]
[-- Type: application/emacs-lisp, Size: 1886 bytes --]

[-- Attachment #1.3: Type: text/plain, Size: 288 bytes --]


Opportunistic encryption, here we go.

a.

-- 
Evil exists to glorify the good. Evil is negative good.
It is a relative term. Evil can be transmuted into good.
What is evil to one at one time,
becomes good at another time to somebody else.
                        - Sivananda

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-17  4:48         ` Antoine Beaupré
@ 2012-01-17  9:19           ` David Edmondson
  2012-01-17 16:12             ` Antoine Beaupré
  2012-01-24 21:34             ` micah anderson
  2012-01-17 15:39           ` David Edmondson
  1 sibling, 2 replies; 22+ messages in thread
From: David Edmondson @ 2012-01-17  9:19 UTC (permalink / raw)
  To: Antoine Beaupré, Gregor Zattler, Jameson Graef Rollins,
	Gregor Zattler, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 587 bytes --]

On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupré <anarcat@anarcat.ath.cx> wrote:
> Jumping in here, I have modified the previously posted code here to
> provide me with a more complete solution.

This looks good. I'll switch over to using it.

> Code is attached. Obviously, those function names would change if they
> were to be integrated into notmuch. ;)

I wondered about pushing to have notmuch do this by default. In general
I like the idea, but it suffers if a recipient occasionally uses a mail
client that does not support decryption (phone, PDA, webmail, ...).

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-17  4:48         ` Antoine Beaupré
  2012-01-17  9:19           ` David Edmondson
@ 2012-01-17 15:39           ` David Edmondson
  1 sibling, 0 replies; 22+ messages in thread
From: David Edmondson @ 2012-01-17 15:39 UTC (permalink / raw)
  To: Antoine Beaupré, Gregor Zattler, Jameson Graef Rollins,
	Gregor Zattler, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 550 bytes --]

>        (if (and force (re-search-forward "<#secure [> >]*>\n" nil t))
> 	   (replace-match "" nil nil))
>        ;; If we can encrypt, do so, else just sign.
>        (if (or force (not (re-search-forward "<#secure [> >]*>\n" nil t)))

Is this second test for `force' necessary? If `force' is set then you'll
remove the <#secure..> just above, so it will not be found here.

> 	   (if (anarcat/message-guess-encryption)
> 	       (insert "<#secure method=pgpmime mode=signencrypt>\n")
> 	     (insert "<#secure method=pgpmime mode=sign>\n"))
> 	 )

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-17  9:19           ` David Edmondson
@ 2012-01-17 16:12             ` Antoine Beaupré
  2012-01-24 21:34             ` micah anderson
  1 sibling, 0 replies; 22+ messages in thread
From: Antoine Beaupré @ 2012-01-17 16:12 UTC (permalink / raw)
  To: David Edmondson, Gregor Zattler, Jameson Graef Rollins,
	Gregor Zattler, Notmuch Mail

On Tue, 17 Jan 2012 09:19:51 +0000, David Edmondson <dme@dme.org> wrote:
> On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupré <anarcat@anarcat.ath.cx> wrote:
> > Jumping in here, I have modified the previously posted code here to
> > provide me with a more complete solution.
> 
> This looks good. I'll switch over to using it.

Awesome!

> > Code is attached. Obviously, those function names would change if they
> > were to be integrated into notmuch. ;)
> 
> I wondered about pushing to have notmuch do this by default. In general
> I like the idea, but it suffers if a recipient occasionally uses a mail
> client that does not support decryption (phone, PDA, webmail, ...).

Well, it's your call: you can disable encryption on the fly by setting the
message to just signing...

I have also found out (to great pains) that it is kind of difficult to
*completely* disable signing or encrypting, as the send-hook will
happily add back the #secure line even if you remove it.

A workaround is to set "mode=none" in the #secure line manually. Maybe
C-c RET C-n could do that instead of just removing the line?

On Tue, 17 Jan 2012 15:39:52 +0000, David Edmondson <dme@dme.org> wrote:
> >        (if (and force (re-search-forward "<#secure [> >]*>\n" nil t))
> > 	   (replace-match "" nil nil))
> >        ;; If we can encrypt, do so, else just sign.
> >        (if (or force (not (re-search-forward "<#secure [> >]*>\n" nil t)))
> 
> Is this second test for `force' necessary? If `force' is set then you'll
> remove the <#secure..> just above, so it will not be found here.

Yes, it is. If force is true, the search-forward will not be run at
all. The idea here is that if we do not force (ie. if we're running in
the hook), we do not want to override the existing #secure tags, to
respect the users' choices.

Cheers,

A.

-- 
Antoine Beaupré +++ Réseau Koumbit Networks +++ +1.514.387.6262 #208
--------------------------------------------------------------------

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-17  9:19           ` David Edmondson
  2012-01-17 16:12             ` Antoine Beaupré
@ 2012-01-24 21:34             ` micah anderson
  2012-01-25  0:10               ` Jameson Graef Rollins
  1 sibling, 1 reply; 22+ messages in thread
From: micah anderson @ 2012-01-24 21:34 UTC (permalink / raw)
  To: David Edmondson, Antoine Beaupré, Gregor Zattler,
	Jameson Graef Rollins, Gregor Zattler, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 941 bytes --]

On Tue, 17 Jan 2012 09:19:51 +0000, David Edmondson <dme@dme.org> wrote:
> On Mon, 16 Jan 2012 23:48:30 -0500, Antoine Beaupré <anarcat@anarcat.ath.cx> wrote:
> > Jumping in here, I have modified the previously posted code here to
> > provide me with a more complete solution.
> 
> This looks good. I'll switch over to using it.
> 
> > Code is attached. Obviously, those function names would change if they
> > were to be integrated into notmuch. ;)
> 
> I wondered about pushing to have notmuch do this by default. In general
> I like the idea, but it suffers if a recipient occasionally uses a mail
> client that does not support decryption (phone, PDA, webmail, ...).

It seems like the original message has not made it through the list
moderation still. 

David replied to it because it was sent to him, but the list email
hasn't come through yet (I want this functionality, so I'm dying to see
the patch!)

micah

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-24 21:34             ` micah anderson
@ 2012-01-25  0:10               ` Jameson Graef Rollins
  2012-01-25  6:23                 ` David Edmondson
  0 siblings, 1 reply; 22+ messages in thread
From: Jameson Graef Rollins @ 2012-01-25  0:10 UTC (permalink / raw)
  To: micah anderson, David Edmondson, Antoine Beaupré,
	Gregor Zattler, Gregor Zattler, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 588 bytes --]

On Tue, 24 Jan 2012 16:34:32 -0500, micah anderson <micah@riseup.net> wrote:
> David replied to it because it was sent to him, but the list email
> hasn't come through yet (I want this functionality, so I'm dying to see
> the patch!)

Hey, Micah.  There's an outstanding patch series that adds a new JSON reply
format, and then uses that in emacs [0].  Once that's in, it will be
relatively easy to implement auto-reply-to-encrypted.  I'm going to work
on implementing that as soon as the above patch gets pushed to master.

jamie.

[0] id:"1326995217-27423-1-git-send-email-awg+notmuch@xvx.ca"

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-25  0:10               ` Jameson Graef Rollins
@ 2012-01-25  6:23                 ` David Edmondson
  2012-01-25  9:26                   ` Jameson Graef Rollins
  0 siblings, 1 reply; 22+ messages in thread
From: David Edmondson @ 2012-01-25  6:23 UTC (permalink / raw)
  To: Jameson Graef Rollins, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 739 bytes --]

On Tue, 24 Jan 2012 16:10:47 -0800, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> On Tue, 24 Jan 2012 16:34:32 -0500, micah anderson <micah@riseup.net> wrote:
> > David replied to it because it was sent to him, but the list email
> > hasn't come through yet (I want this functionality, so I'm dying to see
> > the patch!)
> 
> Hey, Micah.  There's an outstanding patch series that adds a new JSON reply
> format, and then uses that in emacs [0].  Once that's in, it will be
> relatively easy to implement auto-reply-to-encrypted.  I'm going to work
> on implementing that as soon as the above patch gets pushed to master.

Can you explain the logic that will apply to determine whether or not a
reply is encrypted?

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-25  6:23                 ` David Edmondson
@ 2012-01-25  9:26                   ` Jameson Graef Rollins
  2012-01-25 10:20                     ` David Edmondson
  0 siblings, 1 reply; 22+ messages in thread
From: Jameson Graef Rollins @ 2012-01-25  9:26 UTC (permalink / raw)
  To: David Edmondson, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 410 bytes --]

On Wed, 25 Jan 2012 06:23:01 +0000, David Edmondson <dme@dme.org> wrote:
> Can you explain the logic that will apply to determine whether or not a
> reply is encrypted?

My plan was to modify notmuch-reply.c to include a flag in the JSON
output if the message being replied to was encrypted.  The emacs reply
function could then look for that flag and add the mml-secure directive
to encrypt the reply.

jamie.

[-- Attachment #2: Type: application/pgp-signature, Size: 835 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-25  9:26                   ` Jameson Graef Rollins
@ 2012-01-25 10:20                     ` David Edmondson
  2012-01-25 17:45                       ` Jameson Graef Rollins
  0 siblings, 1 reply; 22+ messages in thread
From: David Edmondson @ 2012-01-25 10:20 UTC (permalink / raw)
  To: Jameson Graef Rollins, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 620 bytes --]

On Wed, 25 Jan 2012 01:26:19 -0800, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> On Wed, 25 Jan 2012 06:23:01 +0000, David Edmondson <dme@dme.org> wrote:
> > Can you explain the logic that will apply to determine whether or not a
> > reply is encrypted?
> 
> My plan was to modify notmuch-reply.c to include a flag in the JSON
> output if the message being replied to was encrypted.  The emacs reply
> function could then look for that flag and add the mml-secure directive
> to encrypt the reply.

Isn't it still necessary to ensure that you have encryption keys
appropriate to the recipient?

[-- Attachment #2: Type: application/pgp-signature, Size: 197 bytes --]

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-25 10:20                     ` David Edmondson
@ 2012-01-25 17:45                       ` Jameson Graef Rollins
  2012-01-25 19:09                         ` Daniel Kahn Gillmor
  2012-01-26  8:53                         ` David Edmondson
  0 siblings, 2 replies; 22+ messages in thread
From: Jameson Graef Rollins @ 2012-01-25 17:45 UTC (permalink / raw)
  To: David Edmondson, Notmuch Mail

[-- Attachment #1: Type: text/plain, Size: 891 bytes --]

On Wed, 25 Jan 2012 10:20:26 +0000, David Edmondson <dme@dme.org> wrote:
> Isn't it still necessary to ensure that you have encryption keys
> appropriate to the recipient?

I want to ensure that all replies to encrypted messages are encrypted.  I
would rather have the reply fail outright than fall back to unencrypted.

Here's a behavior that I think would be reasonable:

 * notmuch reply outputs JSON encrypted flag

 * emacs does a quick check to see if the needed key is available

 * if key not available: give a nice mini-buffer prompt, something like:
 
    'encryption key for "Foo Bar <foo@bar.com>" not found.  Retrieve?'

   * if response is yes: call gpg to retrieve the key

 * if key available: add encrypt flag

   else: I feel like this should abort, but maybe there's something to
         be done here.  Allow reply but don't quote the original?

jamie.

^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-25 17:45                       ` Jameson Graef Rollins
@ 2012-01-25 19:09                         ` Daniel Kahn Gillmor
  2012-01-26  8:53                         ` David Edmondson
  1 sibling, 0 replies; 22+ messages in thread
From: Daniel Kahn Gillmor @ 2012-01-25 19:09 UTC (permalink / raw)
  To: Jameson Graef Rollins; +Cc: Notmuch Mail

On 01/25/2012 12:45 PM, Jameson Graef Rollins wrote:
> Here's a behavior that I think would be reasonable:
> 
>  * notmuch reply outputs JSON encrypted flag
> 
>  * emacs does a quick check to see if the needed key is available
> 
>  * if key not available: give a nice mini-buffer prompt, something like:
>  
>     'encryption key for "Foo Bar <foo@bar.com>" not found.  Retrieve?'
> 
>    * if response is yes: call gpg to retrieve the key
> 
>  * if key available: add encrypt flag
> 
>    else: I feel like this should abort, but maybe there's something to
>          be done here.  Allow reply but don't quote the original?

I note from observing my own correspondence practices that there are
some other heuristics that might be reasonable, if we're willing to be
more sophisticated here too.

For example:

 * if the entire encrypted message body was signed by key X (which we
either have or fetch), and
 * X has a User ID which matches the address to which we're replying, and
 * we don't have a technically-valid matching User ID for the e-mail
address (so we wouldn't normally want to encrypt mail to key X),

then

 we could offer (or default) to encrypt the reply to that key anyway, on
the grounds that the keyholder in question knew the contents of the
original message anyway.

Some visual indication of being in this corner-case state would be nice,
of course.

While I'm dreaming, I'd also love to be able to get some statistics
about how many messages in a given thread have this kind of
encryption/signing response.  It would be interesting for some sort of
measurement of e-mail+keyholding continuity, which would be useful in a
more generalized contacts+crypto manager.

	--dkg


^ permalink raw reply	[flat|nested] 22+ messages in thread

* Re: Emacs: Crypto: How to get automatic encryption?
  2012-01-25 17:45                       ` Jameson Graef Rollins
  2012-01-25 19:09                         ` Daniel Kahn Gillmor
@ 2012-01-26  8:53                         ` David Edmondson
  1 sibling, 0 replies; 22+ messages in thread
From: David Edmondson @ 2012-01-26  8:53 UTC (permalink / raw)
  To: Jameson Graef Rollins, Notmuch Mail

On Wed, 25 Jan 2012 09:45:01 -0800, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> On Wed, 25 Jan 2012 10:20:26 +0000, David Edmondson <dme@dme.org> wrote:
> > Isn't it still necessary to ensure that you have encryption keys
> > appropriate to the recipient?
> 
> I want to ensure that all replies to encrypted messages are encrypted.  I
> would rather have the reply fail outright than fall back to
> unencrypted.

That's a policy decision that a user can (and perhaps should) take, but
not something that should be enforced by the tool. Encouraging this
approach is fine, of course. I can think of various situations where I
might send an un-encrypted reply to an encrypted message.

> Here's a behavior that I think would be reasonable:
> 
>  * notmuch reply outputs JSON encrypted flag
> 
>  * emacs does a quick check to see if the needed key is available
> 
>  * if key not available: give a nice mini-buffer prompt, something like:
>  
>     'encryption key for "Foo Bar <foo@bar.com>" not found.  Retrieve?'
> 
>    * if response is yes: call gpg to retrieve the key
> 
>  * if key available: add encrypt flag
> 
>    else: I feel like this should abort, but maybe there's something to
>          be done here.  Allow reply but don't quote the original?

How about:
    - notmuch reply outputs JSON encrypted flag,
    - emacs inserts the relevant mml to request that the reply is sent
      encrypted if the flag is present.

With this approach the default behaviour is to send an encrypted reply
to an encrypted message, but the user has the chance to change the
behaviour using familiar (well, as familiar as mml can be) tools.

Adding improvements to retrieve keys for outgoing messages would be
generally useful - it's not just an issue for replies.

^ permalink raw reply	[flat|nested] 22+ messages in thread
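
The flow discussed in this thread (an "encrypted" flag from notmuch reply, a key check, then the mml encrypt tag, with an error rather than a silent cleartext fallback) can be sketched in Emacs Lisp as follows. This is an added example, not code from notmuch or from any poster: the `original-encrypted` argument stands in for the proposed JSON flag, which is hypothetical here, and the `my/` function names are invented for illustration.

```elisp
;;; -*- lexical-binding: t -*-
(require 'cl-lib)
(require 'epg)
(require 'mail-extr)
(require 'message)
(require 'mml-sec)

(defun my/reply-recipients ()
  "Return the bare addresses found in To and Cc of the current message buffer."
  (save-excursion
    (save-restriction
      (message-narrow-to-headers)
      (let ((hdrs (delq nil (list (message-fetch-field "to")
                                  (message-fetch-field "cc")))))
        (when hdrs
          ;; With ALL non-nil this returns a list of (NAME ADDRESS) pairs.
          (delq nil (mapcar #'cadr (mail-extract-address-components
                                    (mapconcat #'identity hdrs ", ") t))))))))

(defun my/usable-encryption-key-p (address)
  "Non-nil if the keyring has a key for ADDRESS with a live encryption subkey.
User ID validity is not checked here; that is the corner case raised by dkg."
  (cl-some
   (lambda (key)
     (cl-some (lambda (sub)
                (and (memq 'encrypt (epg-sub-key-capability sub))
                     (not (memq (epg-sub-key-validity sub)
                                '(revoked expired disabled invalid)))))
              (epg-key-sub-key-list key)))
   ;; "<addr>" asks gpg for an exact e-mail match rather than a substring.
   (epg-list-keys (epg-make-context 'OpenPGP) (concat "<" address ">"))))

(defun my/setup-reply-crypto (original-encrypted)
  "Request an encrypted reply when ORIGINAL-ENCRYPTED is non-nil.
ORIGINAL-ENCRYPTED is an assumed stand-in for the proposed reply flag.
Signal an error, instead of continuing silently, when a key is missing."
  (when original-encrypted
    (let ((missing (cl-remove-if #'my/usable-encryption-key-p
                                 (my/reply-recipients))))
      (when missing
        (user-error "No usable encryption key for: %s"
                    (mapconcat #'identity missing ", ")))
      ;; Inserts the <#secure ...> MML tag at the top of the body; the user
      ;; can still see and remove it before sending.
      (mml-secure-message-encrypt-pgpmime))))
```

The key-retrieval prompt from the proposal is left out; the error only reports the missing recipients and leaves the reply buffer as it is.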
