On Sat, Jun 02 2018, Jameson Graef Rollins <jrollins@finestructure.net> wrote:
> I've pushed a branch of this series rebased against notmuch/release (for
> some reason master is currently a couple commits behind) and fixed to
> reflect the exposure of notmuch_message_get_database:
>
> https://gitlab.com/jrollins/notmuch/commits/protected-headers-fix
>
> All tests pass.  Note it requires gmime 3.0 (which tripped me up for a
> bit since notmuch still implicitly supports older gmime versions).
>
> I haven't done a commit-by-commit review yet, but I am now using this
> series and it works as advertised: messages with encrypted subjects are
> searchable by the encrypted subject, and the encrypted subjects show up
> correctly in all the clients I'm using (both CLI and emacs).
>
> I strongly support the inclusion of this feature, particularly since
> it's an important component of autocrypt, which I want even more.

I've now done a commit-by-commit review and I think this is a very clean
patch series, with very good test suite coverage.  To the extent that I
have much to say on any of the code structure (not much) it all looks
good to me.

In particular I really like the introduction of the new "cryptographic
envelope" concept, and the new whole-message crypto status object that
goes with it.  I think this is a very solid idea that will be very
useful for clients going forward.  The implementation details seem solid
and well thought out to me, seeming to include all the useful info that
a client would need.

As for the protected headers, I like that they're just swapped in
seamlessly.  It also seems useful that the crypto envelope status
includes information about which headers were signed, and which headers
were masked by those that were encrypted.  It seems that there's just
enough information emitted about the overall crypto status and the
protected headers for any clients to be able to construct a useful UX
for users, but without any cruft that could potentially be confusing.

jamie.