From: Daniel Kahn Gillmor Date: Wed, 20 Jan 2016 02:52:33 +0000 (+1900) Subject: Allow indexing cleartext of encrypted messages (v2) X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=22aa99f81a3f8747efabc719149686cd7b2c663d;p=notmuch-archives.git Allow indexing cleartext of encrypted messages (v2) --- diff --git a/c5/6db74393f5ee56786c4cc4aba1c010d906e412 b/c5/6db74393f5ee56786c4cc4aba1c010d906e412 new file mode 100644 index 000000000..d30713e64 --- /dev/null +++ b/c5/6db74393f5ee56786c4cc4aba1c010d906e412 @@ -0,0 +1,92 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id 0A6356DE1557 + for ; Tue, 19 Jan 2016 18:53:23 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: -0.023 +X-Spam-Level: +X-Spam-Status: No, score=-0.023 tagged_above=-999 required=5 + tests=[AWL=-0.023] autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id mc6Kx0W171IG for ; + Tue, 19 Jan 2016 18:53:21 -0800 (PST) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by arlo.cworth.org (Postfix) with ESMTP id D51E26DE1478 + for ; Tue, 19 Jan 2016 18:53:15 -0800 (PST) +Received: from fifthhorseman.net (unknown [38.109.115.130]) + by che.mayfirst.org (Postfix) with ESMTPSA id 7594FF989 + for ; Tue, 19 Jan 2016 21:53:10 -0500 (EST) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id C43EF20085; Tue, 19 Jan 2016 18:53:10 -0800 (PST) +From: Daniel Kahn Gillmor +To: Notmuch Mail +Subject: Allow indexing cleartext of encrypted messages (v2) +Date: Tue, 19 Jan 2016 21:52:33 -0500 +Message-Id: <1453258369-7366-1-git-send-email-dkg@fifthhorseman.net> +X-Mailer: git-send-email 2.7.0.rc3 +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Wed, 20 Jan 2016 02:53:23 -0000 + +This is the second draft of the series initially announced in +id:1449718786-28000-1-git-send-email-dkg@fifthhorseman.net: + +> Notmuch currently doesn't index the cleartext of encrypted mail. This +> is the right choice by default, because the index is basically +> cleartext-equivalent, and we wouldn't want every indexed mailstore to +> leak the contents of its encrypted mails. +> +> However, if a notmuch user has their index in a protected location, +> they may prefer the convenience of being able to search the contents +> of (at least some of) their encrypted mail. +> +> This series of patches enables notmuch to index the cleartext of +> specific encrypted messages when they're being added via "notmuch new" +> or "notmuch insert", via a new --try-decrypt flag. +> +> If --try-decrypt is used, and decryption is successful for part of a +> message, the message gets an additional "index-decrypted" tag. If +> decryption of part of a message fails, the message gets an additional +> "index-decryption-failed" tag. + +v2 addresses the concerns raised from the helpful feedback on the +previous series, and adds a notmuch_indexopts_t object that can be +used to declare options for indexing messages, including a +"try_decrypt" boolean. + +Additionally, this series adds a new function to libnotmuch: + + notmuch_message_reindex (notmuch_message_t *message, + notmuch_indexopts_t *indexopts) + +Which allows user of the library to adjust the indexing options of a +given message. + +The CLI is additionally augmented with a new notmuch subcommand, +"notmuch reindex", which also has a --try-decrypt flag. + +So a user who has their message index stored securely and wants to +index the cleartext of all encrypted messages they've received can do +something like: + + notmuch reindex --try-decrypt tag:encrypted and not tag:index-decrypted + +Or can clear all indexed cleartext from their database with: + + notmuch reindex tag:encrypted and tag:index-decrypted + +