Return-Path: <dme@dme.org>
X-Original-To: notmuch@notmuchmail.org
Delivered-To: notmuch@notmuchmail.org
Received: from localhost (localhost [127.0.0.1])
	by olra.theworths.org (Postfix) with ESMTP id 6136B431FAF
	for <notmuch@notmuchmail.org>; Thu, 26 Jan 2012 00:53:26 -0800 (PST)
X-Virus-Scanned: Debian amavisd-new at olra.theworths.org
X-Spam-Flag: NO
X-Spam-Score: -0.7
X-Spam-Level: 
X-Spam-Status: No, score=-0.7 tagged_above=-999 required=5
	tests=[RCVD_IN_DNSWL_LOW=-0.7] autolearn=disabled
Received: from olra.theworths.org ([127.0.0.1])
	by localhost (olra.theworths.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id vUU9L34R3n0o for <notmuch@notmuchmail.org>;
	Thu, 26 Jan 2012 00:53:25 -0800 (PST)
Received: from mail-wi0-f181.google.com (mail-wi0-f181.google.com
	[209.85.212.181]) (using TLSv1 with cipher RC4-SHA (128/128 bits))
	(No client certificate requested)
	by olra.theworths.org (Postfix) with ESMTPS id 8B11F431FAE
	for <notmuch@notmuchmail.org>; Thu, 26 Jan 2012 00:53:25 -0800 (PST)
Received: by wibhi8 with SMTP id hi8so232020wib.26
	for <notmuch@notmuchmail.org>; Thu, 26 Jan 2012 00:53:24 -0800 (PST)
Received: by 10.180.24.105 with SMTP id t9mr1823674wif.19.1327568004245;
	Thu, 26 Jan 2012 00:53:24 -0800 (PST)
Received: from hotblack-desiato.hh.sledj.net
	(host81-149-164-25.in-addr.btopenworld.com. [81.149.164.25])
	by mx.google.com with ESMTPS id d9sm4221152wiy.2.2012.01.26.00.53.22
	(version=TLSv1/SSLv3 cipher=OTHER);
	Thu, 26 Jan 2012 00:53:22 -0800 (PST)
Received: by hotblack-desiato.hh.sledj.net (Postfix, from userid 30000)
	id EF3769FD9F; Thu, 26 Jan 2012 08:53:20 +0000 (GMT)
To: Jameson Graef Rollins <jrollins@finestructure.net>,
	Notmuch Mail <notmuch@notmuchmail.org>
Subject: Re: Emacs: Crypto: How to get automatic encryption?
In-Reply-To: <878vkv7k2q.fsf@servo.finestructure.net>
References: <87pqejj5nl.fsf@marcos.anarcat.ath.cx>
	<cunfwfer8i0.fsf@hotblack-desiato.hh.sledj.net>
	<87ehuo7pjr.fsf@algae.riseup.net>
	<87ehuoljzs.fsf@servo.finestructure.net>
	<cunvco0nvwa.fsf@hotblack-desiato.hh.sledj.net>
	<87liow6slg.fsf@servo.finestructure.net>
	<cund3a8nkwl.fsf@hotblack-desiato.hh.sledj.net>
	<878vkv7k2q.fsf@servo.finestructure.net>
User-Agent: Notmuch/0.11+114~g550724b (http://notmuchmail.org) Emacs/24.0.92.1
	(x86_64-pc-linux-gnu)
From: David Edmondson <dme@dme.org>
Date: Thu, 26 Jan 2012 08:53:20 +0000
Message-ID: <cunk44elu9r.fsf@hotblack-desiato.hh.sledj.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-=";
	micalg=pgp-sha1; protocol="application/pgp-signature"
X-BeenThere: notmuch@notmuchmail.org
X-Mailman-Version: 2.1.13
Precedence: list
List-Id: "Use and development of the notmuch mail system."
	<notmuch.notmuchmail.org>
List-Unsubscribe: <http://notmuchmail.org/mailman/options/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=unsubscribe>
List-Archive: <http://notmuchmail.org/pipermail/notmuch>
List-Post: <mailto:notmuch@notmuchmail.org>
List-Help: <mailto:notmuch-request@notmuchmail.org?subject=help>
List-Subscribe: <http://notmuchmail.org/mailman/listinfo/notmuch>,
	<mailto:notmuch-request@notmuchmail.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2012 08:53:26 -0000

--=-=-=
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Wed, 25 Jan 2012 09:45:01 -0800, Jameson Graef Rollins <jrollins@finestr=
ucture.net> wrote:
> On Wed, 25 Jan 2012 10:20:26 +0000, David Edmondson <dme@dme.org> wrote:
> > Isn't it still necessary to ensure that you have encryption keys
> > appropriate to the recipient?
>=20
> I want to ensure that all replies to encrypted to be encrypted.  I
> would rather have the reply fail outright than fall back to
> unencrypted.

That's a policy decision that a user can (and perhaps should) take, but
not something that should be enforced by the tool. Encouraging this
approach is fine, of course. I can think of various situations where I
might send an un-encrypted reply to an encrypted message.

> Here's a behavior that I think would be reasonable:
>=20
>  * notmuch reply outputs JSON encrypted flag
>=20
>  * emacs does a quick check to see if the needed key is available
>=20
>  * if key not available: give a nice mini-buffer prompt, something like:
>=20=20
>     'encryption key for "Foo Bar <foo@bar.com>" not found.  Retrieve?'
>=20
>    * if response is yes: call gpg to retrieve the key
>=20
>  * if key available: add encrypt flag
>=20
>    else: I feel like this should abort, but maybe there's something to
>          be done here.  Allow reply but don't quote the original?

How about:
    - notmuch reply outputs JSON encrypted flag,
    - emacs inserts the relevant mml to request that the reply is sent
      encrypted if the flag is present.

With this approach the default behaviour is to send an encrypted reply
to an encrypted message, but the user has the chance to change the
behaviour using familiar (well, as familiar as mml can be) tools.

Adding improvements to retrieve keys for outgoing messages would be
generally useful - it's not just an issue for replies.

--=-=-=
Content-Type: application/pgp-signature

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk8hFIAACgkQaezQq/BJZRYmVwCfTcVgXyz+yXySlEZphtOXaxfy
vbgAn3LrogNQVa8HEtsFAOjN+oDtnBiU
=P3tD
-----END PGP SIGNATURE-----
--=-=-=--