81/68a580710d323e0cebc36c5d24586538300a47

   1 Return-Path: <jrollins@finestructure.net>\r
   2 X-Original-To: notmuch@notmuchmail.org\r
   3 Delivered-To: notmuch@notmuchmail.org\r
   4 Received: from localhost (localhost [127.0.0.1])\r
   5         by olra.theworths.org (Postfix) with ESMTP id 37E7940DBF8\r
   6         for <notmuch@notmuchmail.org>; Tue, 16 Nov 2010 12:11:20 -0800 (PST)\r
   7 X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
   8 X-Spam-Flag: NO\r
   9 X-Spam-Score: -1.89\r
  10 X-Spam-Level: \r
  11 X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5\r
  12         tests=[BAYES_00=-1.9, T_MIME_NO_TEXT=0.01] autolearn=unavailable\r
  13 Received: from olra.theworths.org ([127.0.0.1])\r
  14         by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
  15         with ESMTP id Fm+xi-dRWs5p for <notmuch@notmuchmail.org>;\r
  16         Tue, 16 Nov 2010 12:11:09 -0800 (PST)\r
  17 Received: from tarap.cc.columbia.edu (tarap.cc.columbia.edu [128.59.29.7])\r
  18         by olra.theworths.org (Postfix) with ESMTP id BA9E440DADE\r
  19         for <notmuch@notmuchmail.org>; Tue, 16 Nov 2010 12:11:09 -0800 (PST)\r
  20 Received: from servo.finestructure.net\r
  21         (pool-108-27-62-5.nycmny.fios.verizon.net [108.27.62.5])\r
  22         (user=jgr2110 author=jrollins@finestructure.net mech=PLAIN bits=0)\r
  23         by tarap.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id oAGKB2AC026945\r
  24         (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT);\r
  25         Tue, 16 Nov 2010 15:11:03 -0500 (EST)\r
  26 Received: from jrollins by servo.finestructure.net with local (Exim 4.72)\r
  27         (envelope-from <jrollins@finestructure.net>)\r
  28         id 1PIRrq-0002BM-5d; Tue, 16 Nov 2010 15:11:02 -0500\r
  29 From: Jameson Rollins <jrollins@finestructure.net>\r
  30 To: Carl Worth <cworth@cworth.org>,\r
  31         Daniel Kahn Gillmor <dkg@fifthhorseman.net>,\r
  32         notmuch <notmuch@notmuchmail.org>\r
  33 Subject: Re: a proposed change to JSON output to report verification of\r
  34         PGP/MIME signatures.\r
  35 In-Reply-To: <87hbfhdpa6.fsf@yoom.home.cworth.org>\r
  36 References: <4CDE4486.2050101@fifthhorseman.net>\r
  37         <87hbfhdpa6.fsf@yoom.home.cworth.org>\r
  38 User-Agent: Notmuch/0.5 (http://notmuchmail.org) Emacs/23.2.1\r
  39         (i486-pc-linux-gnu)\r
  40 Date: Tue, 16 Nov 2010 15:10:59 -0500\r
  41 Message-ID: <87wrod9gh8.fsf@servo.finestructure.net>\r
  42 MIME-Version: 1.0\r
  43 Content-Type: multipart/signed; boundary="=-=-=";\r
  44         micalg=pgp-sha256; protocol="application/pgp-signature"\r
  45 X-No-Spam-Score: Local\r
  46 X-Scanned-By: MIMEDefang 2.68 on 128.59.29.7\r
  47 X-BeenThere: notmuch@notmuchmail.org\r
  48 X-Mailman-Version: 2.1.13\r
  49 Precedence: list\r
  50 List-Id: "Use and development of the notmuch mail system."\r
  51         <notmuch.notmuchmail.org>\r
  52 List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
  53         <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
  54 List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
  55 List-Post: <mailto:notmuch@notmuchmail.org>\r
  56 List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
  57 List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
  58         <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
  59 X-List-Received-Date: Tue, 16 Nov 2010 20:11:20 -0000\r
  60 \r
  61 --=-=-=\r
  62 Content-Transfer-Encoding: quoted-printable\r
  63 \r
  64 On Tue, 16 Nov 2010 11:47:13 -0800, Carl Worth <cworth@cworth.org> wrote:\r
  65 > The only other piece I think I'd like to see is actually making the\r
  66 > content of the signature pieces available in the json output. Then, a\r
  67 > client could do its own verification.\r
  68 >=20\r
  69 > Then if we had that would we not want to add the --verify support into\r
  70 > notmuch? (My guess is that we still would want it.)\r
  71 \r
  72 Hey, Carl.  I think your suggestion to include the signatures in the\r
  73 output is a reasonable.  However, (I could be misunderstanding your\r
  74 suggestion but) I really think the Right thing is for notmuch to do the\r
  75 verification itself.  I would almost say that --verify should be the\r
  76 default, with a --no-verify option.  It will make things much easier for\r
  77 all the UIs if notmuch handles the verification and just outputs the\r
  78 result.\r
  79 \r
  80 jamie.\r
  81 \r
  82 --=-=-=\r
  83 Content-Type: application/pgp-signature\r
  84 \r
  85 -----BEGIN PGP SIGNATURE-----\r
  86 Version: GnuPG v1.4.10 (GNU/Linux)\r
  87 \r
  88 iQIcBAEBCAAGBQJM4uVTAAoJEO00zqvie6q8lhwQAJb7hMz+trFFiAoyoCdNfna4\r
  89 /QN36aEcr7O+fKAhwLtqVGvJI3ljA0lD3h7BarC4FGaZx0ZR8f1LDE8uDTRT/DOt\r
  90 5t2zfPWEXlPgkKZngyl+7h/uZ2GHUuP1B93BWi+yiK4rlKvrkjYyBiySAYEVR3n9\r
  91 sfT/7oBjFH8OATFzHPaQzNM53R5YWvCxzGFZjZFa3gA8eHUN76MXQIlDZ9qgIfhj\r
  92 dIQ9RkfBm5l+szVKELrwFKD1bgd6OacFXVRmn2dpANE05fuztctm5rUizS3zw/mk\r
  93 zxhctrfJ1Zv5B5BKBhgqrMsYm9PsgJsfkXQH/+SkQZyjY0xfLkiP2ikMlebyTrEA\r
  94 F3boq7PkDbA2PAuD5RhwfZgBwFEgYaz98FeBAWTFVxvd9wpWdAat/Yd4JTAHGbT8\r
  95 ot3akMSERtiKFK852QfLSt1fU53CIHXgVNdecYxDnZBl+X4pTIkzwkdVUZR9/xVj\r
  96 LdJgM6M0otpGMSjfSIgAd5/zCwNvEu0+0rzY54sTD7daViTMU/7WnpTluRXixdDA\r
  97 zVk8pfaRu9mLdloHI1Y0EhxOS4TbZ7CVVgnG3crUcuf4JFVlPOa19IRZdbNEXlE9\r
  98 rWAzzF1kv/pXKtc90+tNcBcv5xZAGLL5vwPWHlvrKwiXpYtv5QhF6/cvmo2FmBPu\r
  99 oFOfHEkm6l/5K7VllJrB\r
 100 =iR0i\r
 101 -----END PGP SIGNATURE-----\r
 102 --=-=-=--\r