Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys

Subject: Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys

Date: Tue, 14 Nov 2017 21:58:17 +0800

To: David Bremner, Notmuch Mail

Cc:

From: Daniel Kahn Gillmor

On Tue 2017-11-14 09:13:52 -0400, David Bremner wrote:
> Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes:
>
>> If you've got a notmuch dump that includes stashed session keys for
>> every decrypted message, and you've got your message archive, you
>> should be able to get back to the same index that you had before.
>
> Out of curiousity, have you given any thought to what happens when
> someone sends a message with the same message-id but a different
> session-key? it seems like the user can potentially lose access to the
> encrypted message.

yep!  I even have that case in my own mailbox due to messages i've sent
to schleuder encrypted mailing lists to which i'm also subscribed.

It works fine.  notmuch stashes both session keys against the message-id
(you can have multiple properties with the same name as long as they
have different values).  And upon decryption, it tries each session-key
in succession.  This is a little bit sloppy (maybe it would be less
sloppy to associate each message key with each version of the message
somehow?), but it's significantly simpler and basically unnoticeable
compared to the speedup gains provided by the rest of the series.

         --dkg
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

• Previous message (by thread): Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true

Thread:

• Daniel Kahn Gillmor—Stashed session keys [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 01/18] mime-node: handle decrypt_result more safely [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 02/18] crypto: add _notmuch_crypto_decrypt wrapper function [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, notmuch::obsolete, notmuch::patch, unread]
    • Daniel Kahn Gillmor—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, signed, unread]
    • David Bremner—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, unread]
        • David Bremner—Re: [PATCH 03/18] crypto: use stashed session-key properties for decryption, if available [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 04/18] test/corpora: add an encrypted message for index decryption tests [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, unread]
        • David Bremner—Re: [PATCH 05/18] crypto: Test restore of cleartext index from stashed session keys [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 06/18] lib: convert notmuch decryption policy to an enum [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 07/18] crypto: new decryption policy "auto" [inbox, notmuch::obsolete, notmuch::patch, unread]
    • Jameson Graef Rollins—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, signed, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, signed, unread]
        • Jameson Graef Rollins—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, signed, unread]
    • David Bremner—Re: [PATCH 07/18] crypto: new decryption policy "auto" [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 08/18] cli/reply: use decryption policy "auto" by default. [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 09/18] cli/show: use decryption policy "auto" by default. [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 10/18] cli/show, reply: document use of stashed session keys in notmuch-properties [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 11/18] cli/new, insert, reindex: update documentation for --try-decrypt=auto [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 12/18] crypto: record whether an actual decryption attempt happened [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 13/18] cli/new, insert, reindex: change index.try_decrypt to "auto" by default [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 14/18] cli/reindex: destroy stashed session keys when --try-decrypt=false [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, unread]
        • David Bremner—Re: [PATCH 15/18] crypto: actually stash session keys when try-decrypt=true [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys [inbox, notmuch::obsolete, notmuch::patch, unread]
    • Daniel Kahn Gillmor—Re: [PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys [inbox, signed, unread]
    • David Bremner—Re: [PATCH 16/18] crypto: add --try-decrypt=nostash to avoid stashing session keys [inbox, unread]
  • Daniel Kahn Gillmor—[PATCH 17/18] docs: clean up documentation about decryption policies [inbox, notmuch::obsolete, notmuch::patch, unread]
  • Daniel Kahn Gillmor—[PATCH 18/18] python: add try_decrypt argument to Database.index_file() [inbox, notmuch::obsolete, notmuch::patch, unread]
    • David Bremner—Re: [PATCH 18/18] python: add try_decrypt argument to Database.index_file() [inbox, unread]
      • Daniel Kahn Gillmor—Re: [PATCH 18/18] python: add try_decrypt argument to Database.index_file() [inbox, unread]
  • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, signed, unread]
  • Jameson Graef Rollins—Re: Stashed session keys [inbox, signed, unread]
    • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, signed, unread]
      • Jameson Graef Rollins—Re: Stashed session keys [inbox, signed, unread]
      • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, unread]
  • meskio—Re: Stashed session keys [inbox, signed, unread]
    • Daniel Kahn Gillmor—Re: Stashed session keys [inbox, unread]