Re: Allow indexing cleartext of encrypted messages (v3)

Subject: Re: Allow indexing cleartext of encrypted messages (v3)

Date: Sat, 06 Feb 2016 22:48:55 +0200

To: Daniel Kahn Gillmor, Notmuch Mail


From: Tomi Ollila

On Sun, Jan 31 2016, Daniel Kahn Gillmor <> wrote:

> This is the third draft of the series initially announced in
> (second
> draft was in
>  It
> differs from v2 in that it incorporates the recent improvements in
> detecting and processing S/MIME signatures.

Looks pretty good. Nothing to bikeshed. Did not run tests yet.


> From the v2 description:
>> Notmuch currently doesn't index the cleartext of encrypted mail.  This
>> is the right choice by default, because the index is basically
>> cleartext-equivalent, and we wouldn't want every indexed mailstore to
>> leak the contents of its encrypted mails.
>> However, if a notmuch user has their index in a protected location,
>> they may prefer the convenience of being able to search the contents
>> of (at least some of) their encrypted mail.
>> This series of patches enables notmuch to index the cleartext of
>> specific encrypted messages when they're being added via "notmuch new"
>> or "notmuch insert", via a new --try-decrypt flag.
>> If --try-decrypt is used, and decryption is successful for part of a
>> message, the message gets an additional "index-decrypted" tag.  If
>> decryption of part of a message fails, the message gets an additional
>> "index-decryption-failed" tag.
> v2 addresses the concerns raised from the helpful feedback on the
> previous series, and adds a notmuch_indexopts_t object that can be
> used to declare options for indexing messages, including a
> "try_decrypt" boolean.
> Additionally, this series adds a new function to libnotmuch:
>   notmuch_message_reindex (notmuch_message_t *message,
>                            notmuch_indexopts_t *indexopts)
> Which allows user of the library to adjust the indexing options of a
> given message.
> The CLI is additionally augmented with a new notmuch subcommand,
> "notmuch reindex", which also has a --try-decrypt flag.
> So a user who has their message index stored securely and wants to
> index the cleartext of all encrypted messages they've received can do
> something like:
>   notmuch reindex --try-decrypt tag:encrypted and not tag:index-decrypted
> Or can clear all indexed cleartext from their database with:
>   notmuch reindex tag:encrypted and tag:index-decrypted
> _______________________________________________
> notmuch mailing list