Re: [Review] Re: new "crypto" branch providing full PGP/MIME support

Date: Mon, 28 Feb 2011 13:59:54 -0500

To: notmuch

From: Daniel Kahn Gillmor


On 02/28/2011 01:25 PM, Jameson Rollins wrote:
> On Mon, 28 Feb 2011 08:52:45 -0500, Ross Glover <ross@ross.mayfirst.org> wrote:
>> I too am now running the crypto branch and find it quite amazing.  The
>> one feature I would like added, though, is some face color or
>> auto-tagging in the search buffer for mail with encrypted mime parts.
>> It seems like this could be achieved with notmuch effort (by someone
>> notme) by adding similar functionality to that of attachments in
>> index.cc.
> 
> Yes, this is a good idea, Ross, and one that I've actually been wanting
> to implement.  I was thinking of auto-tagging messages with signed parts
> with something like "signed", and encrypted messages with "encrypted".
> Do people like those tags, or would they prefer to see something
> different?  Or more specific, like "pgp-signed"?

i don't care much about the difference between PGP/MIME and S/MIME
message formats, so i prefer the term "signed" to "pgp-signed" and
"encrypted" to "pgp-encrypted".

  ----

But: what does the "signed" tag mean? i wouldn't want to necessarily
conflate these four ideas:

 0) "this message claims to be cryptographically-signed"

 1) "we have verified a cryptographic signature over this message"

 2) "we have verified a cryptographic signature over this message from a
known key (that is, we believe we know who the key belongs to)"

 3) "we have verified a cryptographic signature on this message from the
sender claimed in the From: line"

3 implies 2, 2 implies 1, and 1 implies 0, of course.  But which level
would a "signed" tag signify?

I'll also note that signed+encrypted messages would not get tagged with
"signed" unless the recipient has successfully decrypted them.  And
then, it's possible that some sub-parts of a message are signed, and
others are not.  Would the tags indicate the maximum "level" found? or
the minimum?  something else?

  ----

For that matter, what would an automatically-placed "encrypted" tag
mean?  i can think of a few different approaches:

 0) some part of this message is wrapped in an encrypted MIME block

 1) some part of this message is wrapped in an encrypted MIME block that
claims to be decryptable by a key you control

 2) some part of this message is wrapped in an encrypted MIME block and
you can actually decrypt it (have decrypted it in the past?).

2 in particular couldn't be auto-assigned without having access to the
user's secret key material in the first place, but maybe it could be
assigned after a decryption succeeds?


	--dkg

signature.asc (application/pgp-signature)
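
The signature levels 0 to 3 from the message above, and its minimum-versus-maximum question for messages with several parts, modelled as an added example. It is not part of the original message or of notmuch; the `Part` fields, the `SigLevel` names and the sample addresses are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from email.utils import parseaddr
from enum import IntEnum
from typing import List, Optional, Tuple

class SigLevel(IntEnum):
    NONE = -1        # no signature claim visible on this part
    CLAIMED = 0      # claims to be signed, nothing verified
    VERIFIED = 1     # signature verifies against some key
    KNOWN_KEY = 2    # ...and we believe we know who owns that key
    FROM_MATCH = 3   # ...and that owner is the sender in From:

@dataclass
class Part:
    """Hypothetical crypto status of one MIME part (not a notmuch type)."""
    claims_signature: bool = False
    sig_valid: bool = False
    key_owner: Optional[str] = None  # address bound to a key we trust, if any
    encrypted: bool = False
    decrypted: bool = False

def part_level(part: Part, from_header: str) -> SigLevel:
    # A signature inside an encrypted block is invisible until decryption succeeds.
    if part.encrypted and not part.decrypted:
        return SigLevel.NONE
    if not part.claims_signature:
        return SigLevel.NONE
    if not part.sig_valid:
        return SigLevel.CLAIMED
    if part.key_owner is None:
        return SigLevel.VERIFIED
    sender = parseaddr(from_header)[1].lower()
    if sender and part.key_owner.lower() == sender:
        return SigLevel.FROM_MATCH
    return SigLevel.KNOWN_KEY

def message_levels(parts: List[Part], from_header: str) -> Tuple[SigLevel, SigLevel]:
    """Return (minimum, maximum) level over all parts of one message."""
    levels = [part_level(p, from_header) for p in parts] or [SigLevel.NONE]
    return min(levels), max(levels)

# Constructed sample: a body signed by the From: sender plus an unsigned attachment.
SAMPLE_FROM = "Alice Example <alice@example.org>"
SAMPLE_PARTS = [Part(True, True, "alice@example.org"), Part()]

if __name__ == "__main__":
    low, high = message_levels(SAMPLE_PARTS, SAMPLE_FROM)
    print(f"minimum={low.name} maximum={high.name}")
```

For the sample message the two aggregation choices disagree: a tag derived from the maximum reports the strongest level, while one derived from the minimum reports no signature at all.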
