Re: a proposed change to JSON output to report verification of PGP/MIME signatures.

diff --git a/81/68a580710d323e0cebc36c5d24586538300a47 b/81/68a580710d323e0cebc36c5d24586538300a47
new file mode 100644 (file)
index 0000000..8d1ed6b
--- /dev/null
+++ b/81/68a580710d323e0cebc36c5d24586538300a47
@@ -0,0 +1,102 @@
+Return-Path: <jrollins@finestructure.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 37E7940DBF8\r
+       for <notmuch@notmuchmail.org>; Tue, 16 Nov 2010 12:11:20 -0800 (PST)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: -1.89\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5\r
+       tests=[BAYES_00=-1.9, T_MIME_NO_TEXT=0.01] autolearn=unavailable\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id Fm+xi-dRWs5p for <notmuch@notmuchmail.org>;\r
+       Tue, 16 Nov 2010 12:11:09 -0800 (PST)\r
+Received: from tarap.cc.columbia.edu (tarap.cc.columbia.edu [128.59.29.7])\r
+       by olra.theworths.org (Postfix) with ESMTP id BA9E440DADE\r
+       for <notmuch@notmuchmail.org>; Tue, 16 Nov 2010 12:11:09 -0800 (PST)\r
+Received: from servo.finestructure.net\r
+       (pool-108-27-62-5.nycmny.fios.verizon.net [108.27.62.5])\r
+       (user=jgr2110 author=jrollins@finestructure.net mech=PLAIN bits=0)\r
+       by tarap.cc.columbia.edu (8.14.4/8.14.3) with ESMTP id oAGKB2AC026945\r
+       (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT);\r
+       Tue, 16 Nov 2010 15:11:03 -0500 (EST)\r
+Received: from jrollins by servo.finestructure.net with local (Exim 4.72)\r
+       (envelope-from <jrollins@finestructure.net>)\r
+       id 1PIRrq-0002BM-5d; Tue, 16 Nov 2010 15:11:02 -0500\r
+From: Jameson Rollins <jrollins@finestructure.net>\r
+To: Carl Worth <cworth@cworth.org>,\r
+       Daniel Kahn Gillmor <dkg@fifthhorseman.net>,\r
+       notmuch <notmuch@notmuchmail.org>\r
+Subject: Re: a proposed change to JSON output to report verification of\r
+       PGP/MIME signatures.\r
+In-Reply-To: <87hbfhdpa6.fsf@yoom.home.cworth.org>\r
+References: <4CDE4486.2050101@fifthhorseman.net>\r
+       <87hbfhdpa6.fsf@yoom.home.cworth.org>\r
+User-Agent: Notmuch/0.5 (http://notmuchmail.org) Emacs/23.2.1\r
+       (i486-pc-linux-gnu)\r
+Date: Tue, 16 Nov 2010 15:10:59 -0500\r
+Message-ID: <87wrod9gh8.fsf@servo.finestructure.net>\r
+MIME-Version: 1.0\r
+Content-Type: multipart/signed; boundary="=-=-=";\r
+       micalg=pgp-sha256; protocol="application/pgp-signature"\r
+X-No-Spam-Score: Local\r
+X-Scanned-By: MIMEDefang 2.68 on 128.59.29.7\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Tue, 16 Nov 2010 20:11:20 -0000\r
+\r
+--=-=-=\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+On Tue, 16 Nov 2010 11:47:13 -0800, Carl Worth <cworth@cworth.org> wrote:\r
+> The only other piece I think I'd like to see is actually making the\r
+> content of the signature pieces available in the json output. Then, a\r
+> client could do its own verification.\r
+>=20\r
+> Then if we had that would we not want to add the --verify support into\r
+> notmuch? (My guess is that we still would want it.)\r
+\r
+Hey, Carl.  I think your suggestion to include the signatures in the\r
+output is a reasonable.  However, (I could be misunderstanding your\r
+suggestion but) I really think the Right thing is for notmuch to do the\r
+verification itself.  I would almost say that --verify should be the\r
+default, with a --no-verify option.  It will make things much easier for\r
+all the UIs if notmuch handles the verification and just outputs the\r
+result.\r
+\r
+jamie.\r
+\r
+--=-=-=\r
+Content-Type: application/pgp-signature\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1.4.10 (GNU/Linux)\r
+\r
+iQIcBAEBCAAGBQJM4uVTAAoJEO00zqvie6q8lhwQAJb7hMz+trFFiAoyoCdNfna4\r
+/QN36aEcr7O+fKAhwLtqVGvJI3ljA0lD3h7BarC4FGaZx0ZR8f1LDE8uDTRT/DOt\r
+5t2zfPWEXlPgkKZngyl+7h/uZ2GHUuP1B93BWi+yiK4rlKvrkjYyBiySAYEVR3n9\r
+sfT/7oBjFH8OATFzHPaQzNM53R5YWvCxzGFZjZFa3gA8eHUN76MXQIlDZ9qgIfhj\r
+dIQ9RkfBm5l+szVKELrwFKD1bgd6OacFXVRmn2dpANE05fuztctm5rUizS3zw/mk\r
+zxhctrfJ1Zv5B5BKBhgqrMsYm9PsgJsfkXQH/+SkQZyjY0xfLkiP2ikMlebyTrEA\r
+F3boq7PkDbA2PAuD5RhwfZgBwFEgYaz98FeBAWTFVxvd9wpWdAat/Yd4JTAHGbT8\r
+ot3akMSERtiKFK852QfLSt1fU53CIHXgVNdecYxDnZBl+X4pTIkzwkdVUZR9/xVj\r
+LdJgM6M0otpGMSjfSIgAd5/zCwNvEu0+0rzY54sTD7daViTMU/7WnpTluRXixdDA\r
+zVk8pfaRu9mLdloHI1Y0EhxOS4TbZ7CVVgnG3crUcuf4JFVlPOa19IRZdbNEXlE9\r
+rWAzzF1kv/pXKtc90+tNcBcv5xZAGLL5vwPWHlvrKwiXpYtv5QhF6/cvmo2FmBPu\r
+oFOfHEkm6l/5K7VllJrB\r
+=iR0i\r
+-----END PGP SIGNATURE-----\r
+--=-=-=--\r