Re: allow indexing cleartext of encrypted messages

diff --git a/a7/f978ca1f7c6b323c54de1a38ef7c8f33c8bf81 b/a7/f978ca1f7c6b323c54de1a38ef7c8f33c8bf81
new file mode 100644 (file)
index 0000000..72bd289
--- /dev/null
+++ b/a7/f978ca1f7c6b323c54de1a38ef7c8f33c8bf81
@@ -0,0 +1,102 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 5B8CC6DE0A9A\r
+ for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 07:34:30 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at cworth.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -0.016\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-0.016 tagged_above=-999 required=5\r
+ tests=[AWL=-0.016] autolearn=disabled\r
+Received: from arlo.cworth.org ([127.0.0.1])\r
+ by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024)\r
+ with ESMTP id 6KXgyGtc-J2i for <notmuch@notmuchmail.org>;\r
+ Fri, 11 Dec 2015 07:34:28 -0800 (PST)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+ by arlo.cworth.org (Postfix) with ESMTP id 442986DE005F\r
+ for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 07:34:28 -0800 (PST)\r
+Received: from fifthhorseman.net (unknown [38.109.115.130])\r
+ by che.mayfirst.org (Postfix) with ESMTPSA id 89216F984\r
+ for <notmuch@notmuchmail.org>; Fri, 11 Dec 2015 10:34:26 -0500 (EST)\r
+Received: by fifthhorseman.net (Postfix, from userid 1000)\r
+ id B101320001; Fri, 11 Dec 2015 10:34:25 -0500 (EST)\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+To: Notmuch Mail <notmuch@notmuchmail.org>\r
+Subject: Re: allow indexing cleartext of encrypted messages\r
+In-Reply-To: <1449718786-28000-1-git-send-email-dkg@fifthhorseman.net>\r
+References: <1449718786-28000-1-git-send-email-dkg@fifthhorseman.net>\r
+User-Agent: Notmuch/0.21 (http://notmuchmail.org) Emacs/24.5.1\r
+ (x86_64-pc-linux-gnu)\r
+Date: Fri, 11 Dec 2015 10:34:25 -0500\r
+Message-ID: <87zixhgfsu.fsf@alice.fifthhorseman.net>\r
+MIME-Version: 1.0\r
+Content-Type: text/plain\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.20\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+ <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <https://notmuchmail.org/mailman/options/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch/>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <https://notmuchmail.org/mailman/listinfo/notmuch>,\r
+ <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Fri, 11 Dec 2015 15:34:30 -0000\r
+\r
+On Wed 2015-12-09 22:39:37 -0500, Daniel Kahn Gillmor wrote:\r
+>  * the libnotmuch API is extended with\r
+>    notmuch_database_add_message_try_decrypt().  This should probably\r
+>    ultimately be more general, because there are a few additional\r
+>    knobs that i can imagine fiddling at indexing time.  For example:\r
+>\r
+>     * verifying cryptographic signatures and storing something about\r
+>       those verifications in the notmuch db\r
+>      \r
+>     * extracting OpenPGP session key information for a given message\r
+>       and storing it in a lookaside table in the notmuch db, so that\r
+>       it's possible to securely destroy old encryption-capable keys\r
+>       and still have local access to the cleartext of the remaining\r
+>       messages.\r
+>\r
+>    Some of these additional features might be orthogonal to one\r
+>    another as well.  I welcome suggestions for how to improve the API\r
+>    so that we don't end up with a combinatorial explosion of\r
+>    n_d_add_message_foo() functions.\r
+\r
+I have a proposal for how to do this better:\r
+\r
+I'll introduce a notmuch_index_options_t, with the usual constructors\r
+and destructors and a couple functions:\r
+\r
+  notmuch_index_options_set_try_decrypt()\r
+  notmuch_index_options_get_try_decrypt()\r
+  notmuch_index_options_set_gpg_path()\r
+  notmuch_index_options_get_gpg_path()\r
+\r
+Then i'll add:\r
+\r
+  notmuch_database_add_message_with_options(db, fname, options, &message)\r
+\r
+If we add new indexing features, they can be set directly in the\r
+index_options object (including features that might be more complex than\r
+a string or a bool, like a chain of command-line filters).\r
+\r
+a few nice features of this approach:\r
+\r
+ * The user of the library can craft a set of index options and repeat\r
+   it easily, and the options can contain cached/lazily-initialized\r
+   things (like GMimeCryptoContexts) if needed.\r
+\r
+ * The user can index different messages with different options if they\r
+   prefer (no need to set the options on the database object itself)\r
+\r
+ * the capability of the indexing features in the library is visible\r
+   directly in the exposed API.\r
+\r
+any thoughts on this?\r
+\r
+    --dkg\r