[notmuch] indexing encrypted messages (was: OpenPGP support)

Ruben Pollan meskio at sindominio.net
Sun Jan 10 04:42:59 PST 2010


On 14:41, Fri 08 Jan 10, micah anderson wrote:
> On Fri, 8 Jan 2010 10:21:21 +0100, Ruben Pollan <meskio at sindominio.net> wrote:
> > On 15:56, Fri 08 Jan 10, martin f krafft wrote:
> > > How about indexing GPG-encrypted messages?
> > 
> > I think that would be a security hole. You should not store the
> > encrypted messages on a decrypted database. A solution would be to
> > encrypt the xapian DB as well, but I think it is too complex for the use.
> 
> Would you consider it a security hole if you stored your database on
> encrypted media (such as on-disk block encryption)?

No, in this case it should not be a security hole. But anyway, what is secure and
what is not should be defined by the user. For some users it may not be a security
hole to store the email decrypted.

But I think notmuch by default should not do so. This kind of thing should be
something that the user activates by hand, knowing what she is doing.

> I know that sup does this, when it ran over my mail store, it would
> trigger my gpg agent so that it could decrypt the encrypted
> messages. This was annoying because this happened every time it ran,
> which meant that unless I had used gpg recently, my agent would pop up
> and ask me for my passphrase, which was often.

I didn't use sup. I don't know how it works. But that feature is technically
possible. As I said before, in my personal opinion that should not be the
out-of-the-box behavior.

> The way Mutt provides this functionality is by decrypting only when you
> perform the search itself.

Yes, but notmuch cannot do that. notmuch indexes the messages and mutt does not.



-- 
Rubén Pollán  | jabber:meskio at jabber.org
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
I do it so as not to go crazy when I notice
that I only have a demon left on one shoulder
because the angel that was on the other
has slit its wrists.