Return-Path: <dkg@fifthhorseman.net>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id ADD5C431FAF
	for <notmuch@notmuchmail.org>; Sun,  7 Jul 2013 16:08:33 -0700 (PDT)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level: 
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]
	autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id v2lOKIr6EhDv for <notmuch@notmuchmail.org>;
	Sun,  7 Jul 2013 16:08:28 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])
	by olra.theworths.org (Postfix) with ESMTP id 396BC431FAE
	for <notmuch@notmuchmail.org>; Sun,  7 Jul 2013 16:08:28 -0700 (PDT)
Received: from [10.156.156.160] (cpe-69-204-251-149.nyc.res.rr.com
	[69.204.251.149])
	by che.mayfirst.org (Postfix) with ESMTPSA id 6419FF97F;
	Sun,  7 Jul 2013 19:08:23 -0400 (EDT)
Message-ID: <51D9F4E6.1030504@fifthhorseman.net>
Date: Sun, 07 Jul 2013 19:08:22 -0400
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:17.0) Gecko/20130630 Icedove/17.0.7
MIME-Version: 1.0
To: Neil Roberts <neil@linux.intel.com>
Subject: Re: [PATCH 0/2] Prompting for the GPG password within Emacs
References: <1373195672-9338-1-git-send-email-neil@linux.intel.com>
In-Reply-To: <1373195672-9338-1-git-send-email-neil@linux.intel.com>
X-Enigmail-Version: 1.5.1
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature";
	boundary="----enig2SSCGSASEDNCAEHGCMEIM"
Cc: notmuch@notmuchmail.org
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Sun, 07 Jul 2013 23:08:33 -0000

This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2SSCGSASEDNCAEHGCMEIM
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hi Niel--

On 07/07/2013 07:14 AM, Neil Roberts wrote:

> I've recently started using notmuch to try and read PGP-encrypted
> email. However the trouble is I normally access my email remotely via
> SSH and it's very difficult to get gpg-agent to work in those
> circumstances. I've therefore made some patches to try and get Emacs
> to prompt for the password. They are based on the way mml communicates
> with gpg by having two pipes so that notmuch can notify Emacs that it
> needs a password and it will reply on the other.

I strongly encourage you to get the gpg-agent model sorted out for your
use case, instead of moving in the direction of this patch series.

The fewer tools that handle your OpenPGP passphrase the better, and
future versions of GnuPG will not be able to work without the gpg-agent
anyway (all secret key activity will be handled by the agent as of gnupg
version 2.1, if i understand upstream's development plans correctly).

I personally hope that notmuch (and notmuch-emacs) will resist the urge
to try to handle any sort of sensitive material like secret keys or
passphrases directly, but will leave that work to libraries or
out-of-process agents.

Can you describe what you've tried in terms of using gpg-agent?  where
are your secret keys stored?  are they on your local machine, or on the
remote machine?

Regards,

	--dkg


------enig2SSCGSASEDNCAEHGCMEIM
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQJ8BAEBCgBmBQJR2fTmXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB
NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcvLoP/2I4h0TeYVC+J9/k/5pxieaG
oAYJ9XZ8D0i6UZi4jQqlK9yq6O4WN0URRXKoFURUdL6+09P2jTUvsyBo21C9Z1PN
dV4xkTy5lMYRbRjOcm0CAl1VRoMcH/8gH1Ae09jr+MpmK5Qn6MHYVrllzSK/p31v
yL9dozLeZtiSdRXpFtq31XKqhhOH7dhZDWB0/T4DKZfHqZ+VYIEIc3Y6esK6Mj5A
haCam/SLQSfPbvZWvhTRJnFuQXLNSwrWJH/pTJd6za8mASzjbtXhtjVCs7xmEPtW
buTfdqCG2/YUr6ZnwTESvRz2MkFgglgm8zstpLObdQcljyzTU2E2bPyIJ7IplyYT
auphsZyeohzX8FC9PK45J0RqJqKWU85XgbZxAbYVDcRY+STrRz+cz+582ktIPTD+
kkSUrLWyKI3Ixo+mbUeOhlDkO40bslP1qm01j/gy3NU6qwfPVx6jHJ+YhlAYcGp6
HcFNEsvyghU1hLUbbeHb+jsuZ/2zJBb1sJaBRYV0hymIuToooT6Jea8eMNbg/jj0
acx1cSxsPCn03KLY4LxKnER1qoWCekhiQZQtSYzU51xhVW1ElEDPWNGsPqJk4wS1
WFCl8iSS4GVo+KTlqfyWTQLGOVHAhOaKl4AgAknSaUdPIpxYwPc8pSdj8WhFNDNj
xXxbWe7vnSwVEhoGWPp5
=SXrO
-----END PGP SIGNATURE-----

------enig2SSCGSASEDNCAEHGCMEIM--