On Thu 2016-06-02 14:21:44 -0400, Mark Walters wrote: > There was some discussion on irc yesterday about a better way of > postponing message when using the emacs frontend. I think getting a > moderately nice interface should be quite easy (see below) but there are > some corner cases on what *should* happen that I would like to resolve > before trying to implement anything. one other corner case worth thinking about here (it can probably be postponed until we have base cases handled, but i wanted to bring it up) is how per-message cryptographic operations (mml-secure-*) interact with drafts. In particular, i think that any sort of message signing should *not* happen during saving of a draft, but the intent to sign should be preserved. That is, we should save and restore the #secure tag when saving a draft or restoring a draft, but the saved draft itself should *not* be signed. for encryption, i have a different (and arguably opposite) intuition. if the sender has the ability to *decrypt* mails, i'd argue that saving a draft should encrypt the draft, regardless of the draft's stated intent to encrypt. These cases matter because i know many people use tools like offline-imap to sync their mail store with a remote mailserver. if the remote mailserver can get a copy of the signed draft, it could replay it (effectively making use of an unintentional signature). Likewise, if the user doesn't think about encrypting a message until they're they're ready to send it, then an intermediate/draft version of the message might end up in cleartext on the remote server. --dkg