Re: Feature suggestion. Indexing encrypted mail?
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>
Tue, 8 Apr 2014 05:25:29 +0000 (01:25 +2000)
committerW. Trevor King <wking@tremily.us>
Fri, 7 Nov 2014 18:01:25 +0000 (10:01 -0800)
59/1d2a4dc492f4ef9c640b622dd1fb7040c92122 [new file with mode: 0644]

diff --git a/59/1d2a4dc492f4ef9c640b622dd1fb7040c92122 b/59/1d2a4dc492f4ef9c640b622dd1fb7040c92122
new file mode 100644 (file)
index 0000000..2fd8d0c
--- /dev/null
@@ -0,0 +1,130 @@
+Return-Path: <dkg@fifthhorseman.net>\r
+X-Original-To: notmuch@notmuchmail.org\r
+Delivered-To: notmuch@notmuchmail.org\r
+Received: from localhost (localhost [127.0.0.1])\r
+       by olra.theworths.org (Postfix) with ESMTP id 1C694431FBC\r
+       for <notmuch@notmuchmail.org>; Mon,  7 Apr 2014 22:25:40 -0700 (PDT)\r
+X-Virus-Scanned: Debian amavisd-new at olra.theworths.org\r
+X-Spam-Flag: NO\r
+X-Spam-Score: 0\r
+X-Spam-Level: \r
+X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none]\r
+       autolearn=disabled\r
+Received: from olra.theworths.org ([127.0.0.1])\r
+       by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)\r
+       with ESMTP id A8yvYU9CFhoS for <notmuch@notmuchmail.org>;\r
+       Mon,  7 Apr 2014 22:25:34 -0700 (PDT)\r
+Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108])\r
+       by olra.theworths.org (Postfix) with ESMTP id 7F45A431FB6\r
+       for <notmuch@notmuchmail.org>; Mon,  7 Apr 2014 22:25:34 -0700 (PDT)\r
+Received: from [10.21.9.0] (unknown [107.19.144.191])\r
+       by che.mayfirst.org (Postfix) with ESMTPSA id F178DF984;\r
+       Tue,  8 Apr 2014 01:25:29 -0400 (EDT)\r
+Message-ID: <53438849.5050500@fifthhorseman.net>\r
+Date: Tue, 08 Apr 2014 01:25:29 -0400\r
+From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>\r
+User-Agent: Mozilla/5.0 (X11; Linux x86_64;\r
+       rv:24.0) Gecko/20100101 Icedove/24.3.0\r
+MIME-Version: 1.0\r
+To: Mark Walters <markwalters1009@gmail.com>, \r
+       Jeremy Nickurak <not-much@trk.nickurak.ca>,\r
+       Jameson Graef Rollins <jrollins@finestructure.net>\r
+Subject: Re: Feature suggestion. Indexing encrypted mail?\r
+References: <86k3b3ybo6.fsf@someserver.somewhere>\r
+       <878urj1z3j.fsf@maritornes.cs.unb.ca>\r
+       <87txa7pp8z.fsf@servo.finestructure.net>\r
+       <20140406091516.GG26903@vilya.m0g.net>  <5341D252.90405@fifthhorseman.net>\r
+       <867g71y327.fsf@someserver.somewhere>\r
+       <87ob0dnndk.fsf@servo.finestructure.net>\r
+       <CA+eQo_3hUAc3uMWw6Hb2JLBATiBDS96GozCa5jqT_1sWz1Y=hQ@mail.gmail.com>\r
+       <87d2gsonne.fsf@qmul.ac.uk>\r
+In-Reply-To: <87d2gsonne.fsf@qmul.ac.uk>\r
+X-Enigmail-Version: 1.6+git0.20140323\r
+Content-Type: multipart/signed; micalg=pgp-sha512;\r
+       protocol="application/pgp-signature";\r
+       boundary="4p2obPrRGNinEIx9HTBAme48kKMKT2cLR"\r
+Cc: Notmuch Mailing List <notmuch@notmuchmail.org>,\r
+       Daniel Kahn Gillmor <dkg@debian.org>\r
+X-BeenThere: notmuch@notmuchmail.org\r
+X-Mailman-Version: 2.1.13\r
+Precedence: list\r
+List-Id: "Use and development of the notmuch mail system."\r
+       <notmuch.notmuchmail.org>\r
+List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>\r
+List-Archive: <http://notmuchmail.org/pipermail/notmuch>\r
+List-Post: <mailto:notmuch@notmuchmail.org>\r
+List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>\r
+List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,\r
+       <mailto:notmuch-request@notmuchmail.org?subject=subscribe>\r
+X-List-Received-Date: Tue, 08 Apr 2014 05:25:40 -0000\r
+\r
+This is an OpenPGP/MIME signed message (RFC 4880 and 3156)\r
+--4p2obPrRGNinEIx9HTBAme48kKMKT2cLR\r
+Content-Type: text/plain; charset=UTF-8\r
+Content-Transfer-Encoding: quoted-printable\r
+\r
+On 04/07/2014 05:06 PM, Mark Walters wrote:\r
+\r
+> I think it is worse that that: I think (from what people said on irc\r
+> some time ago) that the index contains the word and the position of tha=\r
+t\r
+> word so essentially the whole message can be reconstructed from the\r
+> index.\r
+\r
+Agree with Mark here, the warnings around such a feature should clearly\r
+say "this stores a cleartext equivalent of your message in the notmuch\r
+index."\r
+\r
+Even if the index weren't structured in this way, modern natural\r
+language processing techniques and a plausible training corpus should be\r
+able to come very close to the original cleartext message, so it should\r
+be treated as such.\r
+\r
+fwiw, the workflow i outlined should make it so that users can receive\r
+all messages encrypted; when they read each encrypted message, they get\r
+a choice about whether to store a cleartext-equivalent in their notmuch\r
+index. (note of course that it's possible to store your notmuch index on\r
+an encrypted filesystem itself, for a different flavor of\r
+confidentiality protection for the data once it's come to rest).\r
+\r
+This per-message decision mechanism lets a thoughtful user make that\r
+tradeoff on a piecemeal basis (it also allows for blanket\r
+(mis)judgement, of course).  There are certainly some messages that one\r
+might never want store in a cleartext index, while other messages might\r
+be less sensitive to exposure while being more valuable to the user if\r
+stored in a well-indexed, searchable local archive.\r
+\r
+I think this is a feature worth having, despite the warning labels it\r
+probably needs.\r
+\r
+       --dkg\r
+\r
+\r
+--4p2obPrRGNinEIx9HTBAme48kKMKT2cLR\r
+Content-Type: application/pgp-signature; name="signature.asc"\r
+Content-Description: OpenPGP digital signature\r
+Content-Disposition: attachment; filename="signature.asc"\r
+\r
+-----BEGIN PGP SIGNATURE-----\r
+Version: GnuPG v1\r
+Comment: Using GnuPG with Icedove - http://www.enigmail.net/\r
+\r
+iQJ8BAEBCgBmBQJTQ4hJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w\r
+ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB\r
+NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcK28QAOK8pEoQ6Cn6ZsplytoPZOky\r
+5qgP739i6YZVpgOOjfSDoWSuBSR1ItqketnKJSZ0O8b4q0HGXsBDbIvMf5QSlO4U\r
+7zXg3B2nO2VGXo9JfPvTvX0vaTdbQXK8RJSIkRsFnD/IXAaqGk3L2NvspQnsrLXi\r
+h55l5DAzEag2g1X4MrIziVGd6dIVxBPWQLLWsJtl742G9iVSThc8E9JFRgt3KpPw\r
+KdHH7+3rFCjpNUJTCVGdOzKzjad03lBA3dxNPo77Hc8VRIYRxj9Z0H2XcAwYFXSK\r
+Fji2Gh7T3U//u4HBbLGyr7KgHBMupUj5XU+cz7HMeL+ZKUHhm/VD4hUY40yCrzkz\r
+xIX84Srnr5U6dds22Aw7v1lYJdYwNzeCc15gIRmlH0C0wg3s36dufsD58r3dr+Eh\r
+zAHcqivJZgoYbR1xj7+MyFL4f9AMUsy9aohZ4veZIs4Xv4AtdBVjyXSD8W+b1aRC\r
+fL3iiLAn0u7SeNEj8vwQXGnXHmn/RjWzv08Uv3/Uow1s8edAl9UDlnpqajMbMsIU\r
+3bfPJeV57B4uNYyv6G/vaplzHZnOKZr+snMqUdNK/QOsY29Zdi6L0rjMR+R0GjFB\r
+Kbmt6JC1FrPyawyVPtrOW63cx8XqnrrkTaWICeciwqYHTtrJoT337+KDak2Zqb8V\r
+RMh4aP6QeC96WvEYEJ5U\r
+=qxWp\r
+-----END PGP SIGNATURE-----\r
+\r
+--4p2obPrRGNinEIx9HTBAme48kKMKT2cLR--\r