From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 6136B431FAF for ; Thu, 26 Jan 2012 00:53:26 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -0.7 X-Spam-Level: X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5 tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vUU9L34R3n0o for ; Thu, 26 Jan 2012 00:53:25 -0800 (PST) Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com [209.85.212.181]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) (No client certificate requested) by olra.theworths.org (Postfix) with ESMTPS id 8B11F431FAE for ; Thu, 26 Jan 2012 00:53:25 -0800 (PST) Received: by wibhi8 with SMTP id hi8so232020wib.26 for ; Thu, 26 Jan 2012 00:53:24 -0800 (PST) Received: by 10.180.24.105 with SMTP id t9mr1823674wif.19.1327568004245; Thu, 26 Jan 2012 00:53:24 -0800 (PST) Received: from hotblack-desiato.hh.sledj.net (host81-149-164-25.in-addr.btopenworld.com. [81.149.164.25]) by mx.google.com with ESMTPS id d9sm4221152wiy.2.2012.01.26.00.53.22 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 26 Jan 2012 00:53:22 -0800 (PST) Received: by hotblack-desiato.hh.sledj.net (Postfix, from userid 30000) id EF3769FD9F; Thu, 26 Jan 2012 08:53:20 +0000 (GMT) To: Jameson Graef Rollins , Notmuch Mail Subject: Re: Emacs: Crypto: How to get automatic encryption? In-Reply-To: <878vkv7k2q.fsf@servo.finestructure.net> References: <87pqejj5nl.fsf@marcos.anarcat.ath.cx> <87ehuo7pjr.fsf@algae.riseup.net> <87ehuoljzs.fsf@servo.finestructure.net> <87liow6slg.fsf@servo.finestructure.net> <878vkv7k2q.fsf@servo.finestructure.net> User-Agent: Notmuch/0.11+114~g550724b (http://notmuchmail.org) Emacs/24.0.92.1 (x86_64-pc-linux-gnu) From: David Edmondson Date: Thu, 26 Jan 2012 08:53:20 +0000 Message-ID: MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha1; protocol="application/pgp-signature" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 26 Jan 2012 08:53:26 -0000 --=-=-= Content-Type: text/plain Content-Transfer-Encoding: quoted-printable On Wed, 25 Jan 2012 09:45:01 -0800, Jameson Graef Rollins wrote: > On Wed, 25 Jan 2012 10:20:26 +0000, David Edmondson wrote: > > Isn't it still necessary to ensure that you have encryption keys > > appropriate to the recipient? >=20 > I want to ensure that all replies to encrypted to be encrypted. I > would rather have the reply fail outright than fall back to > unencrypted. That's a policy decision that a user can (and perhaps should) take, but not something that should be enforced by the tool. Encouraging this approach is fine, of course. I can think of various situations where I might send an un-encrypted reply to an encrypted message. > Here's a behavior that I think would be reasonable: >=20 > * notmuch reply outputs JSON encrypted flag >=20 > * emacs does a quick check to see if the needed key is available >=20 > * if key not available: give a nice mini-buffer prompt, something like: >=20=20 > 'encryption key for "Foo Bar " not found. Retrieve?' >=20 > * if response is yes: call gpg to retrieve the key >=20 > * if key available: add encrypt flag >=20 > else: I feel like this should abort, but maybe there's something to > be done here. Allow reply but don't quote the original? How about: - notmuch reply outputs JSON encrypted flag, - emacs inserts the relevant mml to request that the reply is sent encrypted if the flag is present. With this approach the default behaviour is to send an encrypted reply to an encrypted message, but the user has the chance to change the behaviour using familiar (well, as familiar as mml can be) tools. Adding improvements to retrieve keys for outgoing messages would be generally useful - it's not just an issue for replies. --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iEYEARECAAYFAk8hFIAACgkQaezQq/BJZRYmVwCfTcVgXyz+yXySlEZphtOXaxfy vbgAn3LrogNQVa8HEtsFAOjN+oDtnBiU =P3tD -----END PGP SIGNATURE----- --=-=-=--