Return-Path: <dme@dme.org>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 5D5DF40DDF7
	for <notmuch@notmuchmail.org>; Mon, 15 Nov 2010 02:26:24 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id tB2gTsjPXazI for <notmuch@notmuchmail.org>;
	Mon, 15 Nov 2010 02:26:13 -0800 (PST)
Received: from mail-wy0-f181.google.com (mail-wy0-f181.google.com
	[74.125.82.181])
	by olra.theworths.org (Postfix) with ESMTP id BBE7940DDE8
	for <notmuch@notmuchmail.org>; Mon, 15 Nov 2010 02:26:12 -0800 (PST)
Received: by wyb40 with SMTP id 40so6099336wyb.26
	for <notmuch@notmuchmail.org>; Mon, 15 Nov 2010 02:26:12 -0800 (PST)
Received: by 10.216.182.75 with SMTP id n53mr6096651wem.41.1289816771124;
	Mon, 15 Nov 2010 02:26:11 -0800 (PST)
Received: from ut.hh.sledj.net (host81-149-164-25.in-addr.btopenworld.com
	[81.149.164.25])
	by mx.google.com with ESMTPS id 7sm3609558wet.0.2010.11.15.02.26.07
	(version=TLSv1/SSLv3 cipher=RC4-MD5);
	Mon, 15 Nov 2010 02:26:08 -0800 (PST)
Received: by ut.hh.sledj.net (Postfix, from userid 1000)
	id 4EA78594056; Mon, 15 Nov 2010 10:23:53 +0000 (GMT)
To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
	notmuch <notmuch@notmuchmail.org>
Subject: Re: a proposed change to JSON output to report verification of
	PGP/MIME signatures.
In-Reply-To: <4CDE4486.2050101@fifthhorseman.net>
References: <4CDE4486.2050101@fifthhorseman.net>
User-Agent: Notmuch/0.5-6-g1e370fc (http://notmuchmail.org) Emacs/23.2.1
	(x86_64-pc-linux-gnu)
From: David Edmondson <dme@dme.org>
Date: Mon, 15 Nov 2010 10:23:53 +0000
Message-ID: <871v6mzxza.fsf@ut.hh.sledj.net>
MIME-Version: 1.0
Content-Type: text/plain
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2010 10:26:24 -0000

On Sat, 13 Nov 2010 02:55:50 -0500, Daniel Kahn Gillmor <dkg@fifthhorseman.net> wrote:
> It would end up like this (without the --verify flag):
> 
> ---------------------------
>  "body": [
>      {
>          "content": "here is a test message i signed on 2010-11-11.\n\n
>  --dkg\n\n",
>          "content-type": "text/plain",
>          "id": 1,
>          "signedby": [ 2 ]
>      },
>      {
>          "content-type": "application/pgp-signature",
>          "filename": "signature.asc",
>          "id": 2,
>          "signs": [ 1 ],
>          "sigstatus": [ {
>              "verified": "unknown"
>          } ]
>      }
>  ],
> ---------------------------

I think that this should become:

"body": [
    {
        "content-type": "multipart/signed",
        "id": 1,
        "content": [
             {
                 "content": "here is a test message i signed on 2010-11-11.\n\n --dkg\n\n",
                 "content-type": "text/plain",
                 "id": 2,
                 "signedby": [ 3 ],
             },
             {
                 "content-type": "application/pgp-signature",
                 "filename": "signature.asc",
                 "id": 3,
                 "signs": [ 2 ],
                 "sigstatus": [ {
                     "verified": "unknown"
                     } ]
              }
         ]
    }
],

i.e. the existence of the multipart/signed wrapper should be
explicit. In general, all MIME parts should be visible. Your email would
end up output something like
	http://dme.org/emacs/notmuch.multipart/thread.json
(well, that's the thread, but you can see your message as the first in
the thread).

We'd render that as shown in:
	http://dme.org/emacs/notmuch.multipart/screenshot.png
(the indentation of the parts there is optional - in this case it helps
a lot to show the structure).

The JSON output and the rendering are from a previous prototype (branch
'mp3' of https://github.com/dme/notmuch).

> and here it is with the --verify flag:

This would change in a similar manner (only the
application/pgp-signature part would change).

Changing the JSON output in this way would not materially affect your
proposal, I believe. There'd be some implicit changes in the output (for
example, if a signature signs a multipart/mixed part your proposal would
list it as signing the sub-parts of the multipart/mixed, but with my
additional changes it should be listed as signing the multipart/mixed
itself).

dme.
-- 
David Edmondson, http://dme.org