On 2017-10-22 11:36:34, Daniel Kahn Gillmor wrote:
> + Note that the contents of the index are sufficient to roughly
> + reconstruct the cleartext of the message itself, so please ensure
> + that the notmuch index itself is adequately protected. DO NOT USE
> + this feature without considering the security of your index.

Could we expand on what those security options could be? Full disk encryption? Or is there some way to PGP-encrypt the index and have it decrypted on the fly? Security, in this context, seems a little broad...

I do have an antsy feeling at decrypting all my private emails in a cleartext database without additional measures. I'd sure love to see this notion expanded here somehow.

By the way, I have similar concerns about the autocrypt approach, which goes even further and says private key material should not be protected by a password at all:

http://autocrypt.readthedocs.io/en/latest/level1.html#secret-key-protection-at-rest

It would be interesting to explain the rationale around those decisions (which autocrypt does) and possible safeguards that mitigate those issues (which autocrypt doesn't).

Thanks!

A.

--
As oppression spreads to all sectors of life, revolt takes on the appearance of a social war. Riots are reborn and herald the revolution to come.
 - Jean-François Brient, de la servitude moderne
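Review bot: The closing sentence of the quoted hunk, "DO NOT USE this feature without considering the security of your index", tells the reader to protect the index but not against what or by what means. The lines before it already say the index contents are enough to roughly reconstruct the cleartext, so the text could go on to say that read access to the index is then enough to recover message content, and name the kind of protection meant, so a reader can judge whether their setup qualifies. "Roughly reconstruct" would also be clearer if it said what the index holds that makes this possible.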