Re: [PATCH] emacs: new crypto customization variable to control stashing of encryption session keys

Date: Tue, 19 Jun 2018 12:42:04 -0400

To: Jameson Graef Rollins, notmuch@notmuchmail.org

From: Daniel Kahn Gillmor


This is looking good to me, thanks!

two more bits of nit-pickery below:

On Tue 2018-06-19 08:20:12 -0700, Jameson Graef Rollins wrote:
> +(defcustom notmuch-show-stash-session-keys nil
> +  "Should session keys be stashed when decrypting messages for display?
> +
> +If this variable is non-nil session keys recovered while
> +decrypting messages for display will be stored in the database.
> +See description of --decrypt option in notmuch-show(1) for more
> +information.
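
Review bot: The docstring's first line, "Should session keys be stashed when decrypting messages for display?", is phrased as a question; Emacs docstring convention is a first line that is a complete declarative sentence, and for a boolean option the usual form is "Non-nil means ...". Something like "Non-nil means stash session keys when decrypting messages for display." would fit, and "If this variable is non-nil session keys" wants a comma after "non-nil". The body says the keys "will be stored in the database" and defers the rest to notmuch-show(1); a single sentence here on what that storage means for the user would let someone decide on the setting from the customize buffer alone.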

do we want to include a warning here about the security of the index?
setting this value to true not only stashes the session keys, but it
also indexes the cleartext.  at the moment we're not directing people to
the same kind of warnings ("Be aware that the index… DO NOT USE …
without considering the security of your index.") that are present
already in notmuch-reindex(1) and notmuch-new(1) and notmuch-insert(1).
Perhaps notmuch-show(1) needs the same boilerplate warning, and we could
replicate some short version of it here too?

> +NOTE: Stashing encryption session keys requires opening the
> +notmuch database in read/write mode, which is not normally done

i'd say "not otherwise done" instead of "not normally done", since we
don't want to claim that people who use this feature aren't "normal" :)

      --dkg