Jeremy Nickurak <not-much@trk.nickurak.ca> writes: > Off the top of my head, you could have an encrypted index too, which you > can only search while able to decrypt. Certainly another level of > complexity. > But why add so much complexity? If a user decides that either transport security is enough or additionally the hard disk is encrypted (why store an encrypted index on an encrypted hard disk?), said user could just switch on an option in the notmuch configuration that causes notmuch to ask for the password before or while indexing new messages and to add decrypted messages to the normal index as well. The level of security would be up to the user by means of said configuration option and those that want the convenience of searching encrypted messages could have it. Personally I would argue that if an attacker has the means to access the content of my hard disk either via the network or physically, there is no difference between having whole disk encryption and storing an encrypted index...