On 02/28/2011 01:25 PM, Jameson Rollins wrote:
> On Mon, 28 Feb 2011 08:52:45 -0500, Ross Glover <ross@ross.mayfirst.org> wrote:
>> I too am now running the crypto branch and find it quite amazing. The
>> one feature I would like added, though, is some face color or
>> auto-tagging in the search buffer for mail with encrypted mime parts.
>> It seems like this could be achieved with notmuch effort (by someone
>> notme) by adding similar functionality to that of attachments in
>> index.cc.
>
> Yes, this is a good idea, Ross, and one that I've actually been wanting
> to implement. I was thinking of auto-tagging messages with signed parts
> with something like "signed", and encrypted messages with "encrypted".
> Do people like those tags, or would they prefer to see something
> different? Or more specific, like "pgp-signed"?

i don't care much about the difference between PGP/MIME and S/MIME
message formats, so i prefer the term "signed" to "pgp-signed" and
"encrypted" to "pgp-encrypted".

----

But: what does the "signed" tag mean? i wouldn't want to necessarily
conflate these four ideas:

 0) "this message claims to be cryptographically-signed"

 1) "we have verified a cryptographic signature over this message"

 2) "we have verified a cryptographic signature over this message from a
    known key (that is, we believe we know who the key belongs to)"

 3) "we have verified a cryptographic signature on this message from the
    sender claimed in the From: line"

3 implies 2, 2 implies 1, and 1 implies 0, of course. But which level
would a "signed" tag signify?

I'll also note that signed+encrypted messages would not get tagged with
"signed" unless the recipient has successfully decrypted them.

And then, it's possible that some sub-parts of a message are signed, and
others are not. Would the tags indicate the maximum "level" found? or
the minimum? something else?

----

For that matter, what would an automatically-placed "encrypted" tag
mean? i can think of a few different approaches:

 0) some part of this message is wrapped in an encrypted MIME block

 1) some part of this message is wrapped in an encrypted MIME block that
    claims to be decryptable by a key you control

 2) some part of this message is wrapped in an encrypted MIME block and
    you can actually decrypt it (have decrypted it in the past?).

2 in particular couldn't be auto-assigned without having access to the
user's secret key material in the first place, but maybe it could be
assigned after a decryption succeeds?

	--dkg
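
Added illustration, not part of the e-mail above and not notmuch code: a structure-only scan in Python showing what index-time tagging can see without key material, that is, level 0 of both lists, plus whether the signature claim covers all, some or none of the visible parts. The function and sample names are hypothetical and the sample messages are constructed.

```python
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

SIG_PROTOCOLS = {"application/pgp-signature", "application/pkcs7-signature"}

def claimed_protection(msg):
    """Return (tags, coverage) from MIME structure alone; nothing is verified."""
    tags, leaves = set(), []      # leaves: True if the part sits under a signature claim

    def walk(part, under_sig):
        ctype = part.get_content_type()
        if ctype == "multipart/signed" and part.is_multipart():
            kids = part.get_payload()
            proto = str(part.get_param("protocol", "")).lower()
            if proto in SIG_PROTOCOLS and len(kids) == 2:
                tags.add("signed")
                return walk(kids[0], True)   # kids[1] is the detached signature
        smime = str(part.get_param("smime-type", "")).lower()
        if ctype == "multipart/encrypted" or (
                ctype == "application/pkcs7-mime" and smime == "enveloped-data"):
            tags.add("encrypted")            # ciphertext is opaque: stop descending
        elif part.is_multipart():
            for kid in part.get_payload():
                walk(kid, under_sig)
        else:
            leaves.append(under_sig)

    walk(msg, False)
    coverage = "none" if not any(leaves) else "all" if all(leaves) else "some"
    return sorted(tags), coverage

def sample_signed(body="hello"):   # constructed sample, placeholder signature
    m = MIMEMultipart("signed", protocol="application/pgp-signature")
    m.attach(MIMEText(body))
    m.attach(MIMEApplication(b"not a real signature", "pgp-signature"))
    return m

def sample_mixed():                # signed body plus an unsigned footer part
    m = MIMEMultipart("mixed")
    m.attach(sample_signed())
    m.attach(MIMEText("footer added after signing"))
    return m

def sample_encrypted():            # any inner signature is hidden in the ciphertext
    m = MIMEMultipart("encrypted", protocol="application/pgp-encrypted")
    m.attach(MIMEApplication(b"Version: 1", "pgp-encrypted"))
    m.attach(MIMEApplication(b"constructed ciphertext placeholder", "octet-stream"))
    return m
```

The encrypted sample yields only the "encrypted" claim, and the mixed sample reports "some" coverage, which is where the maximum-versus-minimum choice has to be made.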