From: Daniel Kahn Gillmor Date: Sun, 31 Jan 2016 20:39:45 +0000 (+1900) Subject: Allow indexing cleartext of encrypted messages (v3) X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=af49f4307fd42d49a03e5867447cffdffc9aa30a;p=notmuch-archives.git Allow indexing cleartext of encrypted messages (v3) --- diff --git a/7c/349e8c52cf17b516a70ac02d8277ab99ce50d6 b/7c/349e8c52cf17b516a70ac02d8277ab99ce50d6 new file mode 100644 index 000000000..f575ca6e2 --- /dev/null +++ b/7c/349e8c52cf17b516a70ac02d8277ab99ce50d6 @@ -0,0 +1,99 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by arlo.cworth.org (Postfix) with ESMTP id ABC0D6DE1B25 + for ; Sun, 31 Jan 2016 12:40:16 -0800 (PST) +X-Virus-Scanned: Debian amavisd-new at cworth.org +X-Spam-Flag: NO +X-Spam-Score: 0 +X-Spam-Level: +X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[none] + autolearn=disabled +Received: from arlo.cworth.org ([127.0.0.1]) + by localhost (arlo.cworth.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id KoK8TWdLVPHZ for ; + Sun, 31 Jan 2016 12:40:15 -0800 (PST) +Received: from che.mayfirst.org (che.mayfirst.org [209.234.253.108]) + by arlo.cworth.org (Postfix) with ESMTP id 70A176DE17BD + for ; Sun, 31 Jan 2016 12:40:09 -0800 (PST) +Received: from fifthhorseman.net (ip-64-134-185-108.public.wayport.net + [64.134.185.108]) + by che.mayfirst.org (Postfix) with ESMTPSA id 60EBCF99D + for ; Sun, 31 Jan 2016 15:40:06 -0500 (EST) +Received: by fifthhorseman.net (Postfix, from userid 1000) + id 26E432024D; Sun, 31 Jan 2016 15:40:06 -0500 (EST) +From: Daniel Kahn Gillmor +To: Notmuch Mail +Subject: Allow indexing cleartext of encrypted messages (v3) +Date: Sun, 31 Jan 2016 15:39:45 -0500 +Message-Id: <1454272801-23623-1-git-send-email-dkg@fifthhorseman.net> +X-Mailer: git-send-email 2.7.0.rc3 +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.20 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sun, 31 Jan 2016 20:40:16 -0000 + +This is the third draft of the series initially announced in +id:1449718786-28000-1-git-send-email-dkg@fifthhorseman.net (second +draft was in +id:1453258369-7366-1-git-send-email-dkg@fifthhorseman.net). It +differs from v2 in that it incorporates the recent improvements in +detecting and processing S/MIME signatures. + +>From the v2 description: + +> Notmuch currently doesn't index the cleartext of encrypted mail. This +> is the right choice by default, because the index is basically +> cleartext-equivalent, and we wouldn't want every indexed mailstore to +> leak the contents of its encrypted mails. +> +> However, if a notmuch user has their index in a protected location, +> they may prefer the convenience of being able to search the contents +> of (at least some of) their encrypted mail. +> +> This series of patches enables notmuch to index the cleartext of +> specific encrypted messages when they're being added via "notmuch new" +> or "notmuch insert", via a new --try-decrypt flag. +> +> If --try-decrypt is used, and decryption is successful for part of a +> message, the message gets an additional "index-decrypted" tag. If +> decryption of part of a message fails, the message gets an additional +> "index-decryption-failed" tag. + +v2 addresses the concerns raised from the helpful feedback on the +previous series, and adds a notmuch_indexopts_t object that can be +used to declare options for indexing messages, including a +"try_decrypt" boolean. + +Additionally, this series adds a new function to libnotmuch: + + notmuch_message_reindex (notmuch_message_t *message, + notmuch_indexopts_t *indexopts) + +Which allows user of the library to adjust the indexing options of a +given message. + +The CLI is additionally augmented with a new notmuch subcommand, +"notmuch reindex", which also has a --try-decrypt flag. + +So a user who has their message index stored securely and wants to +index the cleartext of all encrypted messages they've received can do +something like: + + notmuch reindex --try-decrypt tag:encrypted and not tag:index-decrypted + +Or can clear all indexed cleartext from their database with: + + notmuch reindex tag:encrypted and tag:index-decrypted + +