Re: [RFE] Call `gpg --recv-keys` asynchronously

Subject: Re: [RFE] Call `gpg --recv-keys` asynchronously

Date: Sun, 05 Mar 2017 13:49:49 +0200

To: David Bremner, Sebastian Schwarz,

Cc: Daniel Kahn Gillmor

From: Jani Nikula

On Tue, 28 Feb 2017, David Bremner <> wrote:
> Sebastian Schwarz <> writes:
>> Even with all keys already present signature verification takes
>> some time as well.  It would be nice if this was done
>> asynchronously as well.  This would greatly improve the speed of
>> opening threads with large numbers of signed messages.
> Offhand, that sounds even harder.

Indeed. I think this could only be sensibly considered if we ever
decided to support decryption/verification in notmuch-emacs.

> With a noticable loss in security, we could cache the verifications in
> the database so the cost is only paid once.

>From implementation POV one downside is that a read-only operation would
have to be turned into a read-write operation to store the cached result
in the database.

Assuming the database is as secure as the key store, I suppose the
reduction in security is related to key expiry and revocation. Those
bring in the problem of invalidating the cached verification. All of
this is something that has to be opt-in, judged by the user.

Even if the mechanisms might be fairly straightforward to implement, I'm
not really fond of the idea of adding somewhat complicated features not
enabled by default for all users. or features we couldn't even recommend
for people who can't make the judgement themselves.