From: micah anderson
To: Ruben Pollan, notmuch@notmuchmail.org
Subject: Re: [notmuch] indexing encrypted messages (was: OpenPGP support)
Date: Fri, 08 Jan 2010 14:41:26 -0500
Message-ID: <873a2gbd09.fsf@lillypad.riseup.net>
In-Reply-To: <20100108092121.GE7139@blackspot>

On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan wrote:
> On 15:56, Fri 08 Jan 10, martin f krafft wrote:
> > How about indexing GPG-encrypted messages?
>
> I think that would be a security hole. You should not store the
> encrypted messages on a decrypted database. A solution would be to
> encrypt as well the xapian DB, but I think it is too complex for the use.

Would you consider it a security hole if you stored your database on
encrypted media (such as on-disk block encryption)?

I know that sup does this, when it ran over my mail store, it would
trigger my gpg agent so that it could decrypt the encrypted messages.
This was annoying because this happened every time it ran, which meant
that unless I had used gpg recently, my agent would pop up and ask me
for my passphrase, which was often.

The way Mutt provides this functionality is by decrypting only when you
perform the search itself.

micah