From 47c726cd0c1defb1adabc7ade626122bdf870560 Mon Sep 17 00:00:00 2001 From: Jameson Graef Rollins Date: Mon, 7 Apr 2014 23:16:26 +1700 Subject: [PATCH] Re: [PATCH] emacs: sign/encrypt replies to signed/encrypted messages --- 78/c7264700b7ef713ea32e297a3eb15d32c1812b | 138 ++++++++++++++++++++++ 1 file changed, 138 insertions(+) create mode 100644 78/c7264700b7ef713ea32e297a3eb15d32c1812b diff --git a/78/c7264700b7ef713ea32e297a3eb15d32c1812b b/78/c7264700b7ef713ea32e297a3eb15d32c1812b new file mode 100644 index 000000000..e8d69813d --- /dev/null +++ b/78/c7264700b7ef713ea32e297a3eb15d32c1812b @@ -0,0 +1,138 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id CBFED431FC0 + for ; Sun, 6 Apr 2014 23:16:37 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: -2.3 +X-Spam-Level: +X-Spam-Status: No, score=-2.3 tagged_above=-999 required=5 + tests=[RCVD_IN_DNSWL_MED=-2.3] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id E4uwXgQxcduc for ; + Sun, 6 Apr 2014 23:16:32 -0700 (PDT) +Received: from outgoing-mail.its.caltech.edu (outgoing-mail.its.caltech.edu + [131.215.239.19]) + by olra.theworths.org (Postfix) with ESMTP id 0FDB4431FBF + for ; Sun, 6 Apr 2014 23:16:32 -0700 (PDT) +Received: from earth-doxen.imss.caltech.edu (localhost [127.0.0.1]) + by earth-doxen-postvirus (Postfix) with ESMTP id B010066E0120; + Sun, 6 Apr 2014 23:16:31 -0700 (PDT) +X-Spam-Scanned: at Caltech-IMSS on earth-doxen by amavisd-new +Received: from finestructure.net (cpe-107-185-189-81.socal.res.rr.com + [107.185.189.81]) (Authenticated sender: jrollins) + by earth-doxen-submit (Postfix) with ESMTP id B2DE966E0103; + Sun, 6 Apr 2014 23:16:30 -0700 (PDT) +Received: by finestructure.net (Postfix, from userid 1000) + id 5E9A460187; Sun, 6 Apr 2014 23:16:29 -0700 (PDT) +From: Jameson Graef Rollins +To: Jani Nikula , notmuch@notmuchmail.org +Subject: Re: [PATCH] emacs: sign/encrypt replies to signed/encrypted messages +In-Reply-To: <1396689486-19232-1-git-send-email-jani@nikula.org> +References: <87a9f1c8aq.fsf@servo.finestructure.net> + <1396689486-19232-1-git-send-email-jani@nikula.org> +User-Agent: Notmuch/0.17+174~gaa1f476 (http://notmuchmail.org) Emacs/24.3.1 + (x86_64-pc-linux-gnu) +Date: Sun, 06 Apr 2014 23:16:26 -0700 +Message-ID: <8738hppsud.fsf@servo.finestructure.net> +MIME-Version: 1.0 +Content-Type: multipart/signed; boundary="=-=-="; + micalg=pgp-sha256; protocol="application/pgp-signature" +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Mon, 07 Apr 2014 06:16:37 -0000 + +--=-=-= +Content-Type: text/plain + +On Sat, Apr 05 2014, Jani Nikula wrote: +> This is a simple approach to improving security when replying to +> signed or encrypted messages. If the message being replied to was +> signed, add mml tag to sign the reply. If the message being replied to +> was encrypted, add mml tag to sign and encrypt the reply. + +Jani, thank you so much for this patch! This is really great, and I +very much appreciate your work on it. + +I've tested it and so far it does exactly as advertised: replys to +encrypted messages automatically get the correct mml tags to encrypt the +reply. I sign all messages by default, and it doesn't seem to interact +adversely with that configuration afaict. + +> This may need configuration; I for one might want to encrypt replies +> to encrypted messages, but not always sign replies to signed messages. +> +> This still includes a slight bug: if any mml tags are added, they are +> included in the region containing the quoted parts. Killing the region +> will kill the mml tags too. + +Both of these issues seem pretty minor to me. It certainly gets my vote +to push without these additional features (especially considering the +security benefits). + +I just have one comment below: + +> diff --git a/emacs/notmuch-mua.el b/emacs/notmuch-mua.el +> index ba3ef275ec5e..9fb84b57b030 100644 +> --- a/emacs/notmuch-mua.el +> +++ b/emacs/notmuch-mua.el +> @@ -224,7 +233,10 @@ list." +> (set-mark (point)) +> (goto-char start) +> ;; Quote the original message according to the user's configured style. +> - (message-cite-original)))) +> + (message-cite-original))) +> + +> + ;; Sign and/or encrypt replies to signed and/or encrypted messages. +> + (notmuch-mua-reply-crypto (plist-get original :body))) + +Maybe we should check to see if crypto processing is activated before +adding this additional crypto handling. I would have guessed we might +want something like this instead: + + (when notmuch-show-process-crypto + (notmuch-mua-reply-crypto (plist-get original :body)))) + +However, for some reason I can't get this to work. It looks like +notmuch-show-process-crypto keeps evaluating to false in this context, +regardless of whether crypto processing has been engaged. I'm unclear +why. Anyone know see how notmuch-show-process-crypto would evaluate to +false here, even when it evaluates to true earlier in the same +notmuch-mua-reply call? + +jamie. + +--=-=-= +Content-Type: application/pgp-signature + +-----BEGIN PGP SIGNATURE----- +Version: GnuPG v1 + +iQIcBAEBCAAGBQJTQkK7AAoJEO00zqvie6q89/kP/2sIsdj6C6ltNvufSrTxFpHX +IytJX9+0pfB5Z3BjJ6vEDa3LTaQPmEZdnlcvGvx7Qe1D5ZONljTMR3xMWV4VCbAk +aFK5+Fvs70bChQQkvwjwo1OoZ16EOs/dkS+ZChq7UGJy/1hD1dOh0FV7MBdh/qMV +gjUD3iAvM7ShdvumcVYzE1aOxLfse1+LgKBTwt8yPH3DVHGxx9ixJn4nOqbIq2H7 +10sDnLu9sMwqUr3Vt8FFPNuCDMhbFrLMXJVnm/odLKz6xQHfT3cpXEi0TP6KZrww +/VT8I5XtVE5ypmcDyWV18KgjYRNH8U2j6nv73AcP12Dlrc///LmS8gsEsrHq0wEh +8Y6YVwdzr8gRYb+6xNCUarrkP0GY9Oy7pSwZfms8H9mdfYMMVyNU41dpUdo2XSVs +40+Yf0j1gAt8lrAUY0Lry5oMdKFJZnhDk6BCP9TlYW3r0hYUYCl1i72+yPi0Pcio +gG/r2rDqP/6lS0MZUS79EI8k+GOeiKS059gvcHPvzPi6xWXhu5Nn1uL8t8keXTTL +P67IYQCCoMuAXnHt8EKSWpL2OLCemx/2ZMO9JRb+Spknrzj9rx6ButcCydC2LR6G +3/5r6J3/UgT8Sj++hNovTS3xT/AVk1z7l8XThIpzVTQsHLKXiHzh/7pKM1GX7Hn6 +87u/MPqXm2Qt6xHBuYri +=BbLW +-----END PGP SIGNATURE----- +--=-=-=-- -- 2.26.2