Re: new "crypto" branch providing full PGP/MIME support

Date: Thu, 03 Feb 2011 12:48:16 -0500

To: notmuch

From: Daniel Kahn Gillmor


On 02/02/2011 08:18 PM, Jameson Rollins wrote:
> Hi, all.  I have pushed a new branch called "crypto" to my notmuch
> repository [0].  This branch provides full support for PGP/MIME signed
> and encrypted messages, including emacs UI support.

I have tested this, and am now using it.  I'm very happy with it.  I
support its inclusion in the mainline.

Thanks for doing this, Jamie.  This is excellent!

 ----less important stuff follows----

I want to raise one (non-blocking) question about the decryption to see
if anyone has any suggestions:

If you do "notmuch show --format=json" on a PGP/MIME-encrypted plaintext
message, it emits the base message, which is structured like this:

1 └┬╴multipart/encrypted
2  ├╴application/pgp-encrypted attachment
3  └╴application/octet-stream inline [msg.asc]

With these patches, if you do "notmuch show --format=json --decrypt", it
emits this instead:

1 └┬╴multipart/encrypted
2  └╴text/plain inline

and it attaches an encstatus (and possibly sigstatus, if the message was
signed) to part 1.  I'll call this "method A".

There are other methods that could be used as well, and it's worth
making sure we've chosen one that we think is what we'll want in the
future.  Here are two other proposals:

Method B:

1 └┬╴multipart/encrypted
2  ├╴application/pgp-encrypted attachment
3  └╴text/plain inline

That is, just replace part 3 (the actual encrypted body) with the
decrypted material.

This has the advantage that for single-part encrypted messages, the
structure and part numbers of the message remain the same as without
--decrypt.


Method C:

1 └╴text/plain inline

That is, replace the entire multipart/encrypted with the decrypted material.

This avoids having an explicitly-labeled "multipart/encrypted" wrapper
around cleartext (which might be considered odd).  It would mean
attaching the encstatus and sigstatus directly to the decrypted part,
though.



I don't actually see any of these methods as being significantly better
than the others -- I think they all have some inherent ugliness.  So I'm
fine with going with method A as Jamie chose it and has it working.  But
I wanted to see if anyone had strong arguments in favor of the other
methods (or if there are other --decrypt methods we could use, for that
matter).

	--dkg

signature.asc (application/pgp-signature)
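
The three layouts compared in the message above, as an added sketch that is not part of the original message or of notmuch's code. The `Part` class, the function names, the boolean `encstatus` flag and the multipart payload are assumptions made for illustration; the multipart case goes beyond the single-part trees shown in the message to show how part numbers shift under each method.

```python
from dataclasses import dataclass, field

@dataclass
class Part:
    ctype: str
    children: list = field(default_factory=list)
    encstatus: bool = False  # True where the decryption status would be attached

def numbered(root):
    """Depth-first numbering from 1, matching the part numbers in the trees above."""
    rows = []
    def walk(p):
        rows.append((len(rows) + 1, p.ctype, p.encstatus))
        for child in p.children:
            walk(child)
    walk(root)
    return rows

def method_a(enc, clear):
    # Keep the wrapper, replace all of its children with the cleartext.
    return Part(enc.ctype, [clear], encstatus=True)

def method_b(enc, clear):
    # Keep the wrapper and the control part, swap only the ciphertext part.
    # Assumption: status stays on the wrapper (the message does not say).
    return Part(enc.ctype, [enc.children[0], clear], encstatus=True)

def method_c(enc, clear):
    # Drop the wrapper; status moves onto the decrypted part itself.
    return Part(clear.ctype, clear.children, encstatus=True)

def encrypted():
    # The undecrypted structure from the first tree in the message.
    return Part("multipart/encrypted", [Part("application/pgp-encrypted"),
                                        Part("application/octet-stream")])

# Constructed cleartext payloads: the single-part case from the message, and
# a multipart one that the message does not cover.
SINGLE = Part("text/plain")
MULTI = Part("multipart/mixed", [Part("text/plain"), Part("application/pdf")])

if __name__ == "__main__":
    for label, clear in (("single", SINGLE), ("multi", MULTI)):
        for name, fn in (("A", method_a), ("B", method_b), ("C", method_c)):
            print(label, name)
            for n, ctype, status in numbered(fn(encrypted(), clear)):
                print(f"  {n} {ctype}{' [encstatus]' if status else ''}")
```

With a multipart payload, none of the three layouts keeps the part count of the undecrypted message, so a client that caches part numbers has to treat them as valid only for the mode (with or without --decrypt) they were read in.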