Return-Path: X-Original-To: notmuch@notmuchmail.org Delivered-To: notmuch@notmuchmail.org Received: from localhost (localhost [127.0.0.1]) by olra.theworths.org (Postfix) with ESMTP id 96D8D431FB6 for ; Thu, 3 Feb 2011 09:48:24 -0800 (PST) X-Virus-Scanned: Debian amavisd-new at olra.theworths.org X-Spam-Flag: NO X-Spam-Score: 0 X-Spam-Level: X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] autolearn=disabled Received: from olra.theworths.org ([127.0.0.1]) by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nTUp88WWoXqD for ; Thu, 3 Feb 2011 09:48:24 -0800 (PST) Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) by olra.theworths.org (Postfix) with ESMTP id 16C1D431FB5 for ; Thu, 3 Feb 2011 09:48:24 -0800 (PST) Received: from [192.168.13.75] (lair.fifthhorseman.net [216.254.116.241]) by che.mayfirst.org (Postfix) with ESMTPSA id 941F7F98D for ; Thu, 3 Feb 2011 12:48:22 -0500 (EST) Message-ID: <4D4AEA60.3030801@fifthhorseman.net> Date: Thu, 03 Feb 2011 12:48:16 -0500 From: Daniel Kahn Gillmor User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13) Gecko/20101213 Icedove/3.1.7 MIME-Version: 1.0 To: notmuch Subject: Re: new "crypto" branch providing full PGP/MIME support References: <4CF15D67.1070904@fifthhorseman.net> <87aak08fu8.fsf@servo.finestructure.net> <87fwsf9mip.fsf@servo.finestructure.net> <87tygl29vu.fsf@servo.finestructure.net> In-Reply-To: <87tygl29vu.fsf@servo.finestructure.net> X-Enigmail-Version: 1.1.2 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="------------enig6A5C156CC34E978A79789D85" X-BeenThere: notmuch@notmuchmail.org X-Mailman-Version: 2.1.13 Precedence: list Reply-To: notmuch List-Id: "Use and development of the notmuch mail system." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 03 Feb 2011 17:48:24 -0000 This is an OpenPGP/MIME signed message (RFC 2440 and 3156) --------------enig6A5C156CC34E978A79789D85 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 02/02/2011 08:18 PM, Jameson Rollins wrote: > Hi, all. I have pushed a new branch called "crypto" to my notmuch > repository [0]. This branch provides full support for PGP/MIME signed > and encrypted messages, including emacs UI support. I have tested this, and am now using it. I'm very happy with it. I support its inclusion in the mainline. Thanks for doing this, Jamie. This is excellent! ----less important stuff follows---- I want to raise one (non-blocking) question about the decryption to see if anyone has any suggestions: If you do "notmuch show --format=3Djson" on a PGP/MIME-encrypted plaintex= t message, it emits the base message, which is structured like this: 1 =E2=94=94=E2=94=AC=E2=95=B4multipart/encrypted 2 =E2=94=9C=E2=95=B4application/pgp-encrypted attachment 3 =E2=94=94=E2=95=B4application/octet-stream inline [msg.asc] with these patches, if you do "notmuch show --format=3Djson --decrypt", i= t emits this instead: 1 =E2=94=94=E2=94=AC=E2=95=B4multipart/encrypted 2 =E2=94=94=E2=95=B4text/plain inline and it attaches an encstatus (and possibly sigstatus, if the message was signed) to part 1. I'll call this "method A". There are other methods that could be used as well, and it's worth making sure we've chosen one that we think is what we'll want in the future. here are two other proposals: Method B: 1 =E2=94=94=E2=94=AC=E2=95=B4multipart/encrypted 2 =E2=94=9C=E2=95=B4application/pgp-encrypted attachment 3 =E2=94=94=E2=95=B4text/plain inline That is, just replace part 3 (the actual encrypted body) with the decrypted material. This has the advantage that for single-part encrypted messages, the structure and part numbers of the message remains the same as without --decrypt. Method C: 1 =E2=94=94=E2=95=B4text/plain inline That is, replace the entire multipart/encrypted with the decrypted materi= al. This avoids having an explicitly-labeled "multipart/encrypted" wrapper around cleartext (which might be considered odd). It would mean attaching the encstatus and sigstatus directly to the decrypted part, though. I don't actually see any of these methods as being significantly better than the others -- i think they all have some inherent ugliness. So i'm fine with going with method A as Jamie chose it and has it working. But i wanted to see if anyone had strong arguments in favor of the other methods (or if there are other --decrypt methods we could use, for that matter) --dkg --------------enig6A5C156CC34E978A79789D85 Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iQJ8BAEBCgBmBQJNSupgXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQwRUU1QkU5NzkyODJEODBCOUY3NTQwRjFD Q0QyRUQ5NEQyMTczOUU5AAoJEMzS7ZTSFznp094P/itr0E9KBlxZgn8Ncv5iNoXy AOzJlvmFaZVwYDPZWEmcknGlvCTQlSQeFj8MzxuGk6helwk0Oy8NXk6+qTojTlZE 2V25O3fNtmUMmTrPUb4LLhi4OHIeaHH4Fbl8S6OTEE/UosOoGd/muFnYjulPhEse LNp1MkWTysAnAG4iOljFqzXc2yr7xvel9b25WG3qiZwPBShHDr7BdhnVs+9+9uU3 tpHb2QjNkmUHI54tLtw4srOpc2NPUV+LRVd7gB96JGJG5yTeKK5GLQaqAV04fCyB x84GeJhgVW3F6yN1kwmeSyrQIzPViAiqPY2LacxUB67FOzaoHTWMK8OtqmpMFR45 t20nUP35gAUzqPo4spkJyu2R8oKA3S+rFpD+HRDGZ/dlMfPTmBmvTP+bE7hY/np5 ihRLQORTdUaq8EkKVZ4hKyHnBQAYZYcCNwtNE76czu5ms5qjQ7MHge15A+4v9297 ZvWKoT/i9pQzwQRKXt+6bVqGiizZE8dr0TdW7Xzh6v5na/FlBj11TzlWMn5guhAt qwPIGTthn/Cov28KcO2Z7NlQ094TuDjAyXAGxRVSQJnwpg1pzg0AiA45A6DOfcAU Uzcfu+DrHz36hiExero3m5HfTIt3d3LpQCWeVvt4Ovf44JSUx7Zg59C2i+IHL1Iw 4LGbfpJIa5bI+aat3l+L =uRsF -----END PGP SIGNATURE----- --------------enig6A5C156CC34E978A79789D85--