Re: Stashed session keys

Subject: Re: Stashed session keys

Date: Mon, 13 Nov 2017 02:51:17 +0800

To: Jameson Graef Rollins, Notmuch Mail

Cc:

From: Daniel Kahn Gillmor

On Sun 2017-11-12 11:51:11 +0800, Daniel Kahn Gillmor wrote:
> On Sat 2017-11-11 15:31:36 -0800, Jameson Graef Rollins wrote:
>> I haven't decided what's the best way to do that yet, but something
>> like the following happening automatically at inbox view might do the
>> trick:
>>
>>   notmuch reindex --try-decrypt=true (tag:inbox AND tag:encrypted)
>
> This seems like a reasonable way to ensure that your long-term, personal
> secret keys only get accessed when you are interactively working with
> your mail user agent.
>
> You might be able to target the reindex even more narrowly by adding
> something like "AND not property:index-decryption=success"

Sorry, this should be "AND not property:index.decryption=success"

       --dkg
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

• Previous message (by thread): Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true

Thread:

• Daniel Kahn Gillmor—Stashed session keys [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 01/18] mime-node: handle decrypt_result more safely [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 02/18] crypto: add _notmuch_crypto_decrypt wrapper function [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, notmuch::obsolete, notmuch::patch, unread]
    • Daniel Kahn Gillmor—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, signed, unread]
    • David Bremner—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, unread]
        • David Bremner—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 04/18] test/corpora: add an encrypted message for index decryption tests [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, unread]
        • David Bremner—Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 06/18] lib: convert notmuch decryption policy to an enum [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 07/18] crypto: new decryption policy "auto" [inbox, notmuch::obsolete, notmuch::patch, unread]
    • Jameson Graef Rollins—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, signed, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, signed, unread]
        • Jameson Graef Rollins—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, signed, unread]
    • David Bremner—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 08/18] cli/reply: use decryption policy "auto" by default. [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 09/18] cli/show: use decryption policy "auto" by default. [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 10/18] cli/show, reply: document use of stashed session keys in notmuch-properties [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 12/18] crypto: record whether an actual decryption attempt happened [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 14/18] cli/reindex: destroy stashed session keys when --try-decrypt=false [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, unread]
        • David Bremner—Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys [inbox, notmuch::obsolete, notmuch::patch, unread]
    • Daniel Kahn Gillmor—Re: [PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys [inbox, signed, unread]
    • David Bremner—Re: [PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 17/18] docs: clean up documentation about decryption policies [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 18/18] python: add try_decrypt argument to Database.index_file() [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 18/18] python: add try_decrypt argument to Database.index_file() [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 18/18] python: add try_decrypt argument to Database.index_file() [inbox, unread]
  • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, signed, unread]
  • Jameson Graef Rollins—Re: Stashed session keys [inbox, signed, unread]
    • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, signed, unread]
      • Jameson Graef Rollins—Re: Stashed session keys [inbox, signed, unread]
      • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, unread]
  • meskio—Re: Stashed session keys [inbox, signed, unread]
    • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, unread]