Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 37E7940DBF8 for ; Tue, 16 Nov 2010 12:11:20 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: -1.89 X-Spam-Level: X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_MIME_NO_TEXT=0.01] autolearn=unavailable Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Fm+xi-dRWs5p for ; Tue, 16 Nov 2010 12:11:09 -0800 (PST) Received: from tarap.cc.columbia.edu (tarap.cc.columbia.edu [128.59.29.7]) by olra.theworths.org (Postfix) with ESMTP id BA9E440DADE for ; Tue, 16 Nov 2010 12:11:09 -0800 (PST) Received: from servo.finestructure.net (pool-108-27-62-5.nycmny.fios.verizon.net [108.27.62.5]) (user=jgr2110 author=jrollins@finestructure.net mech=PLAIN bits=0) by tarap.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id oAGKB2AC026945 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT); Tue, 16 Nov 2010 15:11:03 -0500 (EST) Received: from jrollins by servo.finestructure.net with local (Exim 4.72) (envelope-from ) id 1PIRrq-0002BM-5d; Tue, 16 Nov 2010 15:11:02 -0500 From: Jameson Rollins To: Carl Worth , Daniel Kahn Gillmor , notmuch Subject: Re: a proposed change to JSON output to report verification of PGP/MIME signatures. In-Reply-To: <87hbfhdpa6.fsf@yoom.home.cworth.org> References: <4CDE4486.2050101@fifthhorseman.net> <87hbfhdpa6.fsf@yoom.home.cworth.org> User-Agent: Notmuch/0.5 (http://notmuchmail.org) Emacs/23.2.1 (i486-pc-linux-gnu) Date: Tue, 16 Nov 2010 15:10:59 -0500 Message-ID: <87wrod9gh8.fsf@servo.finestructure.net> MIME-Version: 1.0 Content-Type: multipart/signed; boundary="=-=-="; micalg=pgp-sha256; protocol="application/pgp-signature" X-No-Spam-Score: Local X-Scanned-By: MIMEDefang 2.68 on 128.59.29.7 X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 16 Nov 2010 20:11:20 -0000 --=-=-= Content-Transfer-Encoding: quoted-printable On Tue, 16 Nov 2010 11:47:13 -0800, Carl Worth wrote: > The only other piece I think I'd like to see is actually making the > content of the signature pieces available in the json output. Then, a > client could do its own verification. >=20 > Then if we had that would we not want to add the --verify support into > notmuch? (My guess is that we still would want it.) Hey, Carl. I think your suggestion to include the signatures in the output is a reasonable. However, (I could be misunderstanding your suggestion but) I really think the Right thing is for notmuch to do the verification itself. I would almost say that --verify should be the default, with a --no-verify option. It will make things much easier for all the UIs if notmuch handles the verification and just outputs the result. jamie. --=-=-= Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) iQIcBAEBCAAGBQJM4uVTAAoJEO00zqvie6q8lhwQAJb7hMz+trFFiAoyoCdNfna4 /QN36aEcr7O+fKAhwLtqVGvJI3ljA0lD3h7BarC4FGaZx0ZR8f1LDE8uDTRT/DOt 5t2zfPWEXlPgkKZngyl+7h/uZ2GHUuP1B93BWi+yiK4rlKvrkjYyBiySAYEVR3n9 sfT/7oBjFH8OATFzHPaQzNM53R5YWvCxzGFZjZFa3gA8eHUN76MXQIlDZ9qgIfhj dIQ9RkfBm5l+szVKELrwFKD1bgd6OacFXVRmn2dpANE05fuztctm5rUizS3zw/mk zxhctrfJ1Zv5B5BKBhgqrMsYm9PsgJsfkXQH/+SkQZyjY0xfLkiP2ikMlebyTrEA F3boq7PkDbA2PAuD5RhwfZgBwFEgYaz98FeBAWTFVxvd9wpWdAat/Yd4JTAHGbT8 ot3akMSERtiKFK852QfLSt1fU53CIHXgVNdecYxDnZBl+X4pTIkzwkdVUZR9/xVj LdJgM6M0otpGMSjfSIgAd5/zCwNvEu0+0rzY54sTD7daViTMU/7WnpTluRXixdDA zVk8pfaRu9mLdloHI1Y0EhxOS4TbZ7CVVgnG3crUcuf4JFVlPOa19IRZdbNEXlE9 rWAzzF1kv/pXKtc90+tNcBcv5xZAGLL5vwPWHlvrKwiXpYtv5QhF6/cvmo2FmBPu oFOfHEkm6l/5K7VllJrB =iR0i -----END PGP SIGNATURE----- --=-=-=--