Return-Path: <meskio@sindominio.net>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 1E10B431FBC
	for <notmuch@notmuchmail.org>; Sun, 10 Jan 2010 04:40:21 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id VvB9mVtOOm+w for <notmuch@notmuchmail.org>;
	Sun, 10 Jan 2010 04:40:20 -0800 (PST)
Received: from flatline.sindominio.net (flatline.sindominio.net [82.144.4.26])
	by olra.theworths.org (Postfix) with ESMTP id 18AD7431FAE
	for <notmuch@notmuchmail.org>; Sun, 10 Jan 2010 04:40:20 -0800 (PST)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by flatline.sindominio.net (Postfix) with ESMTP id 72710262AD9;
	Sun, 10 Jan 2010 13:40:17 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at sindominio.net
Received: from flatline.sindominio.net ([127.0.0.1])
	by localhost (flatline.sindominio.net [127.0.0.1]) (amavisd-new,
	port 10024)
	with ESMTP id 2LmKLZhfDJzy; Sun, 10 Jan 2010 13:40:14 +0100 (CET)
Received: from blackspot (222.162.87-79.rev.gaoland.net [79.87.162.222])
	by flatline.sindominio.net (Postfix) with ESMTPA id 7C9F3262A36;
	Sun, 10 Jan 2010 13:40:14 +0100 (CET)
Received: by blackspot (Postfix, from userid 1000)
	id C3D6D8BCBD; Sun, 10 Jan 2010 13:42:59 +0100 (CET)
Date: Sun, 10 Jan 2010 13:42:59 +0100
From: Ruben Pollan <meskio@sindominio.net>
To: micah anderson <micah@riseup.net>
Message-ID: <20100110124259.GK15677@blackspot>
References: <20091123130009.GA31695@finestructure.net>
	<20091126060132.GA5875@finestructure.net>
	<20100108025610.GA28357@lapse.rw.madduck.net>
	<20100108092121.GE7139@blackspot>
	<873a2gbd09.fsf@lillypad.riseup.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="vJI8q/aziP9idhqk"
Content-Disposition: inline
In-Reply-To: <873a2gbd09.fsf@lillypad.riseup.net>
User-Agent: Mutt/1.5.20 (2009-06-14)
Cc: notmuch@notmuchmail.org
Subject: Re: [notmuch] indexing encrypted messages (was:  OpenPGP support)
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Jan 2010 12:40:21 -0000


--vJI8q/aziP9idhqk
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On 14:41, Fri 08 Jan 10, micah anderson wrote:
> On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan <meskio@sindominio.net> w=
rote:
> > On 15:56, Fri 08 Jan 10, martin f krafft wrote:
> > > How about indexing GPG-encrypted messages?
> >=20
> > I think that would be security hole. You should not store the
> > encrypted messages on a decrypted database. A solution whould be to
> > encrypt as well the xapian DB, but I think is too complex for the use.
>=20
> Would you consider it a security hole if you stored your database on
> encrypted media (such as on-disk block encryption)?

No, in this case should be not a security hole. But anyway what is secure a=
nd
what not should be defined by the user. For some users may not be a security
hole to store the email decrypted.

But I think notmuch by default should not do so. This kind of things should=
 be
something that the user activate by hand knowing what she is doing.

> I know that sup does this, when it ran over my mail store, it would
> trigger my gpg agent so that it could decrypt the encrypted
> messages. This was annoying because this happened every time it ran,
> which meant that unless I had used gpg recently, my agent would pop up
> and ask me for my passphrase, which was often.

I didn't use sup. Don't know how it works. But that feature is technically
possible. As I said before in my personal opinion that should not be the=20
out-of-the-box behavior.

> The way Mutt provides this functionality is by decrypting only when you
> perform the search itself.

Yes, but notmuch can not do that. notmuch indexes the messages and mutt not.



--=20
Rub=E9n Poll=E1n  | jabber:meskio@jabber.org
-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=3D-=
=3D-=3D-=3D-=3D-=3D-
Lo hago para no volverme loco cuando noto
que solo me queda un demonio en un hombro
por que se ha cortado las venas
el =E1ngel que hab=EDa en el otro.

--vJI8q/aziP9idhqk
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: Digital signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAktJy1MACgkQGKOQ92SwNML++gCeJIOb1Hj7TcM/omhtrjT95aI/
iZgAnR3tAYmWf1pDaeU9Cdf0Qmav/R8k
=lemX
-----END PGP SIGNATURE-----

--vJI8q/aziP9idhqk--