Re: [PATCH] NEWS: cleartext indexing

Subject: Re: [PATCH] NEWS: cleartext indexing

Date: Mon, 30 Oct 2017 08:46:12 -0400


Cc: Daniel Kahn Gillmor

From: Antoine Beaupré

On 2017-10-22 11:36:34, Daniel Kahn Gillmor wrote:
> +  Note that the contents of the index are sufficient to roughly
> +  reconstruct the cleartext of the message itself, so please ensure
> +  that the notmuch index itself is adequately protected.  DO NOT USE
> +  this feature without considering the security of your index.
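Review bot: the last two sentences of the added NEWS paragraph ask the reader to keep the index "adequately protected" and to consider "the security of your index", but nothing in the text says what protection is meant, so the warning is not actionable as written. Suggest naming the measures intended, or pointing to where they are documented, right after "adequately protected".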

Could we expand on what those security options could be? Full disk
encryption? Or is there some way to PGP-encrypt the index and have it
decrypted on the fly?

Security, in this context, seems a little broad... I do have an antsy
feeling at decrypting all my private emails in a cleartext database
without additional measures. I'd sure love to see this notion expanded
here somehow.

By the way, I have similar concerns about the autocrypt approach, which
goes even further and says private key material should not be protected
by a password at all:

It would be interesting to explain the rationale around those decisions
(which autocrypt does) and possible safeguards that mitigate those
issues (which autocrypt doesn't).



As oppression spreads to every sector of life,
revolt takes on the appearance of a social war.
Riots are reborn and herald the revolution to come.
                        - Jean-François Brient, de la servitude moderne
notmuch mailing list