unofficial mirror of notmuch@notmuchmail.org
 help / color / mirror / code / Atom feed
* Stashed session keys
@ 2017-10-25  6:51 Daniel Kahn Gillmor
  2017-10-25  6:51 ` [PATCH 01/18] mime-node: handle decrypt_result more safely Daniel Kahn Gillmor
                   ` (20 more replies)
  0 siblings, 21 replies; 47+ messages in thread
From: Daniel Kahn Gillmor @ 2017-10-25  6:51 UTC (permalink / raw)
  To: Notmuch Mail

Now that cleartext indexing is merged, let's add the ability to stash
session keys!

Background
==========

Encrypted e-mail messages are "hybrid" encryption.  The message body
is encrypted with an ephemeral session key, and then that session key
is itself encrypted to the user's public key.

If an MUA retains (or obtains) a copy of the session key for a given
message, it can access the cleartext of that message without needing
any access to the user's private key material.

This offers possible wins in efficiency, usability, convenience *and*
security, as the series hopefully makes clear.

Decryption Policies
===================

At the end of the series, there are four sensible policies defined for
message decryption and stashing of session keys.  There are only two i
expect to see any widespread regular use: "auto", and "true".  But
hopefully the reasons for including the other two policies ("false"
and "nostash") are made clear by the series itself.

I'll replicate here the table this series adds to notmuch-config(1),
in describing the available values for index.try_decrypt:

   +------------------------+-------+------+---------+------+
   |                        | false | auto | nostash | true |
   +========================+=======+======+=========+======+
   | Index cleartext using  |       |  X   |    X    |  X   |
   | stashed session keys   |       |      |         |      |
   +------------------------+-------+------+---------+------+
   | Index cleartext        |       |      |    X    |  X   |
   | using secret keys      |       |      |         |      |
   +------------------------+-------+------+---------+------+
   | Stash session keys     |       |      |         |  X   |
   +------------------------+-------+------+---------+------+
   | Delete stashed session |   X   |      |         |      |
   | keys on reindex        |       |      |         |      |
   +------------------------+-------+------+---------+------+


Please let me know what you think!  I'd love feedback and critique.

Happy hacking,

       --dkg

^ permalink raw reply	[flat|nested] 47+ messages in thread

end of thread, other threads:[~2017-12-02  1:56 UTC | newest]

Thread overview: 47+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-25  6:51 Stashed session keys Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 01/18] mime-node: handle decrypt_result more safely Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 02/18] crypto: add _notmuch_crypto_decrypt wrapper function Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available Daniel Kahn Gillmor
2017-10-26 19:00   ` Daniel Kahn Gillmor
2017-11-14 13:02   ` David Bremner
2017-11-14 13:54     ` Daniel Kahn Gillmor
2017-11-15 12:59       ` David Bremner
2017-10-25  6:51 ` [PATCH 04/18] test/corpora: add an encrypted message for index decryption tests Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys Daniel Kahn Gillmor
2017-11-14 13:13   ` David Bremner
2017-11-14 13:58     ` Daniel Kahn Gillmor
2017-11-14 14:27       ` David Bremner
2017-10-25  6:51 ` [PATCH 06/18] lib: convert notmuch decryption policy to an enum Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 07/18] crypto: new decryption policy "auto" Daniel Kahn Gillmor
2017-11-11 23:14   ` Jameson Graef Rollins
2017-11-12  3:39     ` Daniel Kahn Gillmor
2017-11-12 15:26       ` Jameson Graef Rollins
2017-11-14 13:21   ` David Bremner
2017-10-25  6:51 ` [PATCH 08/18] cli/reply: use decryption policy "auto" by default Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 09/18] cli/show: " Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 10/18] cli/show, reply: document use of stashed session keys in notmuch-properties Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto Daniel Kahn Gillmor
2017-11-15 20:02   ` David Bremner
2017-10-25  6:51 ` [PATCH 12/18] crypto: record whether an actual decryption attempt happened Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default Daniel Kahn Gillmor
2017-11-16 12:40   ` David Bremner
2017-11-30  6:16     ` Daniel Kahn Gillmor
2017-10-25  6:51 ` [PATCH 14/18] cli/reindex: destroy stashed session keys when --try-decrypt=false Daniel Kahn Gillmor
2017-10-25  6:52 ` [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true Daniel Kahn Gillmor
2017-11-16 12:53   ` David Bremner
2017-11-30 15:57     ` Daniel Kahn Gillmor
2017-12-02  1:56       ` David Bremner
2017-10-25  6:52 ` [PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys Daniel Kahn Gillmor
2017-10-25 14:46   ` Daniel Kahn Gillmor
2017-11-16 13:02   ` David Bremner
2017-10-25  6:52 ` [PATCH 17/18] docs: clean up documentation about decryption policies Daniel Kahn Gillmor
2017-10-25  6:52 ` [PATCH 18/18] python: add try_decrypt argument to Database.index_file() Daniel Kahn Gillmor
2017-11-16 13:06   ` David Bremner
2017-11-30 15:58     ` Daniel Kahn Gillmor
2017-11-11  7:56 ` Stashed session keys Daniel Kahn Gillmor
2017-11-11 23:31 ` Jameson Graef Rollins
2017-11-12  3:51   ` Daniel Kahn Gillmor
2017-11-12 15:15     ` Jameson Graef Rollins
2017-11-12 18:51     ` Daniel Kahn Gillmor
2017-11-15 22:41 ` meskio
2017-11-16 16:03   ` Daniel Kahn Gillmor

Code repositories for project(s) associated with this public inbox

	https://yhetil.org/notmuch.git/

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).