From: Daniel Kahn Gillmor Date: Tue, 8 Apr 2014 05:25:29 +0000 (+2000) Subject: Re: Feature suggestion. Indexing encrypted mail? X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=7d22916b9d36d5c73c8949a98248debd40441630;p=notmuch-archives.git Re: Feature suggestion. Indexing encrypted mail? --- diff --git a/59/1d2a4dc492f4ef9c640b622dd1fb7040c92122 b/59/1d2a4dc492f4ef9c640b622dd1fb7040c92122 new file mode 100644 index 000000000..2fd8d0c51 --- /dev/null +++ b/59/1d2a4dc492f4ef9c640b622dd1fb7040c92122 @@ -0,0 +1,130 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 1C694431FBC + for ; Mon, 7 Apr 2014 22:25:40 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id A8yvYU9CFhoS for ; + Mon, 7 Apr 2014 22:25:34 -0700 (PDT) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by olra.theworths.org (Postfix) with ESMTP id 7F45A431FB6 + for ; Mon, 7 Apr 2014 22:25:34 -0700 (PDT) +Received: from [10.21.9.0] (unknown [107.19.144.191]) + by che.mayfirst.org (Postfix) with ESMTPSA id F178DF984; + Tue, 8 Apr 2014 01:25:29 -0400 (EDT) +Message-ID: <53438849.5050500@fifthhorseman.net> +Date: Tue, 08 Apr 2014 01:25:29 -0400 +From: Daniel Kahn Gillmor +User-Agent: Mozilla/5.0 (X11; Linux x86_64; + rv:24.0) Gecko/20100101 Icedove/24.3.0 +MIME-Version: 1.0 +To: Mark Walters , + Jeremy Nickurak , + Jameson Graef Rollins +Subject: Re: Feature suggestion. Indexing encrypted mail? +References: <86k3b3ybo6.fsf@someserver.somewhere> + <878urj1z3j.fsf@maritornes.cs.unb.ca> + <87txa7pp8z.fsf@servo.finestructure.net> + <20140406091516.GG26903@vilya.m0g.net> <5341D252.90405@fifthhorseman.net> + <867g71y327.fsf@someserver.somewhere> + <87ob0dnndk.fsf@servo.finestructure.net> + + <87d2gsonne.fsf@qmul.ac.uk> +In-Reply-To: <87d2gsonne.fsf@qmul.ac.uk> +X-Enigmail-Version: 1.6+git0.20140323 +Content-Type: multipart/signed; micalg=pgp-sha512; + protocol="application/pgp-signature"; + boundary="4p2obPrRGNinEIx9HTBAme48kKMKT2cLR" +Cc: Notmuch Mailing List , + Daniel Kahn Gillmor +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Tue, 08 Apr 2014 05:25:40 -0000 + +This is an OpenPGP/MIME signed message (RFC 4880 and 3156) +--4p2obPrRGNinEIx9HTBAme48kKMKT2cLR +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +On 04/07/2014 05:06 PM, Mark Walters wrote: + +> I think it is worse that that: I think (from what people said on irc +> some time ago) that the index contains the word and the position of tha= +t +> word so essentially the whole message can be reconstructed from the +> index. + +Agree with Mark here, the warnings around such a feature should clearly +say "this stores a cleartext equivalent of your message in the notmuch +index." + +Even if the index weren't structured in this way, modern natural +language processing techniques and a plausible training corpus should be +able to come very close to the original cleartext message, so it should +be treated as such. + +fwiw, the workflow i outlined should make it so that users can receive +all messages encrypted; when they read each encrypted message, they get +a choice about whether to store a cleartext-equivalent in their notmuch +index. (note of course that it's possible to store your notmuch index on +an encrypted filesystem itself, for a different flavor of +confidentiality protection for the data once it's come to rest). + +This per-message decision mechanism lets a thoughtful user make that +tradeoff on a piecemeal basis (it also allows for blanket +(mis)judgement, of course). There are certainly some messages that one +might never want store in a cleartext index, while other messages might +be less sensitive to exposure while being more valuable to the user if +stored in a well-indexed, searchable local archive. + +I think this is a feature worth having, despite the warning labels it +probably needs. + + --dkg + + +--4p2obPrRGNinEIx9HTBAme48kKMKT2cLR +Content-Type: application/pgp-signature; name="signature.asc" +Content-Description: OpenPGP digital signature +Content-Disposition: attachment; filename="signature.asc" + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 +Comment: Using GnuPG with Icedove - http://www.enigmail.net/ + +iQJ8BAEBCgBmBQJTQ4hJXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w +ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRFQjk2OTEyODdBN0FEREUzNzU3RDkxMUVB +NTI0MDFCMTFCRkRGQTVDAAoJEKUkAbEb/fpcK28QAOK8pEoQ6Cn6ZsplytoPZOky +5qgP739i6YZVpgOOjfSDoWSuBSR1ItqketnKJSZ0O8b4q0HGXsBDbIvMf5QSlO4U +7zXg3B2nO2VGXo9JfPvTvX0vaTdbQXK8RJSIkRsFnD/IXAaqGk3L2NvspQnsrLXi +h55l5DAzEag2g1X4MrIziVGd6dIVxBPWQLLWsJtl742G9iVSThc8E9JFRgt3KpPw +KdHH7+3rFCjpNUJTCVGdOzKzjad03lBA3dxNPo77Hc8VRIYRxj9Z0H2XcAwYFXSK +Fji2Gh7T3U//u4HBbLGyr7KgHBMupUj5XU+cz7HMeL+ZKUHhm/VD4hUY40yCrzkz +xIX84Srnr5U6dds22Aw7v1lYJdYwNzeCc15gIRmlH0C0wg3s36dufsD58r3dr+Eh +zAHcqivJZgoYbR1xj7+MyFL4f9AMUsy9aohZ4veZIs4Xv4AtdBVjyXSD8W+b1aRC +fL3iiLAn0u7SeNEj8vwQXGnXHmn/RjWzv08Uv3/Uow1s8edAl9UDlnpqajMbMsIU +3bfPJeV57B4uNYyv6G/vaplzHZnOKZr+snMqUdNK/QOsY29Zdi6L0rjMR+R0GjFB +Kbmt6JC1FrPyawyVPtrOW63cx8XqnrrkTaWICeciwqYHTtrJoT337+KDak2Zqb8V +RMh4aP6QeC96WvEYEJ5U +=qxWp +-----END PGP SIGNATURE----- + +--4p2obPrRGNinEIx9HTBAme48kKMKT2cLR--