From 617b9d4ea91db18bf1349f642825a3e2ae59cd9a Mon Sep 17 00:00:00 2001 From: Jeremy Nickurak Date: Sun, 6 Apr 2014 12:35:14 +1800 Subject: [PATCH] Re: Feature suggestion. Indexing encrypted mail? --- de/6a100f815535790f472b08425388518076b5bc | 159 ++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 de/6a100f815535790f472b08425388518076b5bc diff --git a/de/6a100f815535790f472b08425388518076b5bc b/de/6a100f815535790f472b08425388518076b5bc new file mode 100644 index 000000000..c456cfc0c --- /dev/null +++ b/de/6a100f815535790f472b08425388518076b5bc 
@@ -0,0 +1,159 @@ +Return-Path: +X-Original-To: notmuch@notmuchmail.org +Delivered-To: notmuch@notmuchmail.org +Received: from localhost (localhost [127.0.0.1]) + by olra.theworths.org (Postfix) with ESMTP id 19CCF431FAF + for ; Sat, 5 Apr 2014 11:35:30 -0700 (PDT) +X-Virus-Scanned: Debian amavisd-new at olra.theworths.org +X-Spam-Flag: NO +X-Spam-Score: -0.699 +X-Spam-Level: +X-Spam-Status: No, score=-0.699 tagged_above=-999 required=5 + tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, + RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled +Received: from olra.theworths.org ([127.0.0.1]) + by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024) + with ESMTP id woIo+HywijDA for ; + Sat, 5 Apr 2014 11:35:18 -0700 (PDT) +Received: from mail-wi0-f177.google.com (mail-wi0-f177.google.com + [209.85.212.177]) (using TLSv1 with cipher RC4-SHA (128/128 bits)) + (No client certificate requested) + by olra.theworths.org (Postfix) with ESMTPS id 71466431FAE + for ; Sat, 5 Apr 2014 11:35:18 -0700 (PDT) +Received: by mail-wi0-f177.google.com with SMTP id cc10so2948724wib.4 + for ; Sat, 05 Apr 2014 11:35:14 -0700 (PDT) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=nickurak.ca; s=google-dkim; + h=mime-version:sender:in-reply-to:references:date:message-id:subject + :from:to:cc:content-type; + bh=iDej/pzKq255tYVP+E+OLnrgcHpp8KyicjMG8weudZs=; + b=YLmi1ICVtqNWEBFKmpoIZ5DK2BpJkwounRG4nKrSrk42kuf4lQ2fgEPDCP8qe3ePWP + 8YqHZ02KmW5kyyuc8wL8lY7niCdzm9ButmzNCqvIg4IHDZ2q04z2eu0bJygANgAHmvzJ + ITv3PdyPGPJEfS+OQnuXsEDehGJbn53FKVxbY= +X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=1e100.net; s=20130820; + h=x-gm-message-state:mime-version:sender:in-reply-to:references:date + :message-id:subject:from:to:cc:content-type; + bh=iDej/pzKq255tYVP+E+OLnrgcHpp8KyicjMG8weudZs=; + b=hq07RD7F6/pYWU4k9PTk/Euzwbubf0Vg/k012cVDggsj7qhfYJEYzjmZ6mWjIk0edx + /J/xxmg2JeFpiHV/sI24RWbvLIZ+/wMgXwX00CJGEX7B4aQARLqFZrLGGsxDlzN+IJNN + 
iWoyporPi3xdHBSZ1vENZeOS15TfYxtMV/qfHUmBjz7b5QWthDH3v/BaNMUddtVP9xpD + 6SUufXstFcGPE7TStyoU9M9H6nZ+Neb2qb5f9tqHkOhRy24tCAFhL50Fg+iqqOysFGBo + xtfB4KgQfP2tqNw6cUiyneXbWVWJH4wAAak6zExNm1L1HXClKhU/Am8jZJcJ49wRUq84 + qm7g== +X-Gm-Message-State: + ALoCoQnmdgUYurTo0KYZCp/6+0E3mgwTcG7HF6UZcV3HBuja6x3XeRl4fDuHQiRw8XZrD3KCyMGW +MIME-Version: 1.0 +X-Received: by 10.194.203.2 with SMTP id km2mr29701491wjc.72.1396722914574; + Sat, 05 Apr 2014 11:35:14 -0700 (PDT) +Sender: jeremy@nickurak.ca +Received: by 10.216.122.200 with HTTP; Sat, 5 Apr 2014 11:35:14 -0700 (PDT) +X-Originating-IP: [96.52.225.98] +In-Reply-To: <878urj1z3j.fsf@maritornes.cs.unb.ca> +References: <86k3b3ybo6.fsf@someserver.somewhere> + <878urj1z3j.fsf@maritornes.cs.unb.ca> +Date: Sat, 5 Apr 2014 12:35:14 -0600 +X-Google-Sender-Auth: TXJOBCrA3fKEWvkN2XthR_b8eAc +Message-ID: + +Subject: Re: Feature suggestion. Indexing encrypted mail? +From: Jeremy Nickurak +To: David Bremner +Content-Type: multipart/alternative; boundary=047d7b8736ec2c5e5004f64fe506 +Cc: Notmuch Mailing List , + Daniel Kahn Gillmor +X-BeenThere: notmuch@notmuchmail.org +X-Mailman-Version: 2.1.13 +Precedence: list +List-Id: "Use and development of the notmuch mail system." + +List-Unsubscribe: , + +List-Archive: +List-Post: +List-Help: +List-Subscribe: , + +X-List-Received-Date: Sat, 05 Apr 2014 18:35:30 -0000 + +--047d7b8736ec2c5e5004f64fe506 +Content-Type: text/plain; charset=UTF-8 + +Off the top of my head, you could have an encrypted index too, which you +can only search while able to decrypt. Certainly another level of +complexity. + + +On Sat, Apr 5, 2014 at 11:10 AM, David Bremner wrote: + +> john.wyzer@gmx.de writes: +> +> > Would it be possible to add the configurable option to also decrypt +> > encrypted messages on the fly while indexing to make them searchable, +> > too? +> > +> > That would be really great for people that consider gnupg mainly an +> > encryption for transport or have their complete hard drive encrypted... 
+> +> As far I understand an attacker could reconstruct the message from the +> index, so one question is whether the extra complexity in notmuch is +> worth the minimal extra security over decrypting on delivery and storing +> plaintext on the (presumably encrypted) disk. Of course decrypting on +> delivery may be inconvenient (or impossible). I have CCed the two people +> who have implemented most of the crypto related stuff in notmuch so they +> can comment. +> +> d +> _______________________________________________ +> notmuch mailing list +> notmuch@notmuchmail.org +> http://notmuchmail.org/mailman/listinfo/notmuch +> + +--047d7b8736ec2c5e5004f64fe506 +Content-Type: text/html; charset=UTF-8 +Content-Transfer-Encoding: quoted-printable + +
Off the top of my head, you could have an encrypted index = +too, which you can only search while able to decrypt. Certainly another lev= +el of complexity.


+On Sat, Apr 5, 2014 at 11:10 AM, David Bremner <david@tethera.net><= +/span> wrote:
+
john.wyzer@gmx.de = +writes:
+
+> Would it be possible to add the configurable option to also decrypt +> encrypted messages on the fly while indexing to make them searchable,<= +br> +> too?
+>
+> That would be really great for people that consider gnupg =C2=A0mainly= + an
+> encryption for transport or have their complete hard drive encrypted..= +.
+
+
As far I understand an attacker could reconstruct the message from th= +e
+index, so one question is whether the extra complexity in notmuch is
+worth the minimal extra security over decrypting on delivery and storing +plaintext on the (presumably encrypted) disk. Of course decrypting on
+delivery may be inconvenient (or impossible). I have CCed the two people +who have implemented most of the crypto related stuff in notmuch so they +can comment.
+

+d
+_______________________________________________
+notmuch mailing list
+notmuch@notmuchmail.org
+http://notmuchmail.org/mailman/listinfo/notmuch
+

+ +--047d7b8736ec2c5e5004f64fe506-- -- 2.26.2
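Review bot: The author date in the patch header, "Date: Sun, 6 Apr 2014 12:35:14 +1800", carries a UTC offset of +1800, which no time zone uses, while the archived message's own header reads "Date: Sat, 5 Apr 2014 12:35:14 -0600". Both resolve to 18:35:14 UTC on 5 April, consistent with the X-List-Received-Date of 18:35:30, so the instant is correct and only the offset looks like a sign or conversion error in whatever produced the commit. Suggest recording the author date with the message's -0600 offset, so that tools which validate or sort on the commit date treat this entry the same way as the mail it archives.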