Re: [PATCH] NEWS: cleartext indexing

Subject: Re: [PATCH] NEWS: cleartext indexing

Date: Mon, 30 Oct 2017 08:46:12 -0400

To: notmuch@notmuchmail.org

Cc: Daniel Kahn Gillmor

From: Antoine Beaupré


On 2017-10-22 11:36:34, Daniel Kahn Gillmor wrote:
> +  Note that the contents of the index are sufficient to roughly
> +  reconstruct the cleartext of the message itself, so please ensure
> +  that the notmuch index itself is adequately protected.  DO NOT USE
> +  this feature without considering the security of your index.
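
Review bot: the warning in these added NEWS lines tells users to make sure the index is "adequately protected" but never says what protection is meant. Since the same paragraph states that the index is sufficient to roughly reconstruct message cleartext, add a sentence naming what counts as adequate (for example, storage-level encryption or restrictive permissions on the index files), or point to documentation that does. The closing "DO NOT USE this feature without considering the security of your index" would also serve readers better as a concrete instruction than as an all-caps caution.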

Could we expand on what those security options could be? Full disk
encryption? Or is there some way to PGP-encrypt the index and have it
decrypted on the fly?

Security, in this context, seems a little broad... I do have an antsy
feeling at decrypting all my private emails in a cleartext database
without additional measures. I'd sure love to see this notion expanded
here somehow.

By the way, I have similar concerns about the autocrypt approach, which
goes even further and says private key material should not be protected
by a password at all:

http://autocrypt.readthedocs.io/en/latest/level1.html#secret-key-protection-at-rest

It would be interesting to explain the rationale around those decisions
(which autocrypt does) and possible safeguards that mitigate those
issues (which autocrypt doesn't).

Thanks!

A.

-- 
As oppression spreads to every sector of life,
revolt takes on the appearance of a social war.
Riots are reborn and herald the coming revolution.
                        - Jean-François Brient, de la servitude moderne