a proposed change to JSON output to report verification of PGP/MIME signatures.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Nov 23 17:08:29 PST 2010


On 11/16/2010 03:06 PM, Daniel Kahn Gillmor wrote:
> On 11/16/2010 02:47 PM, Carl Worth wrote:
>> The current linearization of parts is a bug that should be fixed. And I
>> think several aspects of your proposal are effectively workarounds for
>> this bug. So I'd rather we fix the json output to emit the tree
>> structure first, and then see what parts of the proposal can be
>> eliminated.
>>
>> [And I think David Edmondson's reply said the same as above, but with
>> more detail. Right?]
> 
> ok, good to know.  that makes sense to me, and i'll plan my work around
> the idea of future tree-structured output.  i didn't know whether the
> linearized output was considered a feature or not.  tree-structured
> output makes me happier.

After a bit of working on this today, i realized that implementing
signature verification on the current linearized MIME output involves a
lot of wasted data tracking. i found myself adding ways to pass around
extra metadata to each part, but that won't be necessary if we get
tree-based mime in JSON.

So instead of implementing signature verification, i've successfully
rebased David Edmondson's mp3 patchset to notmuch 0.5.

That branch is published with the name of mp3-on-0.5 at my notmuch git repo:

 git://lair.fifthhorseman.net/~dkg/notmuch

The current head is commit id de836c032c43d0b2bc06553433ed4271ab54f3f3

The rebase was relatively clean (only a few manual interventions
necessary), and the bulk of my work was normalizing the part ID numbers
between output formats and cleaning up the test suite.

I've got this version working now, and the emacs interface works fine
for me.

Unless i hear objections to it, i'll be basing my future signature
verification work off of this branch.

I plan to attach the previously-proposed sigstatus member of the json
output to the parent element instead of the child elements.

So a message structured like this:

 1 └┬╴multipart/signed 1909 bytes
 2  ├╴text/plain 53 bytes
 3  └╴application/pgp-signature attachment [signature.asc] 900 bytes

part 1's json object would have the new sigstatus member, and parts 2
and 3 would not have any change from the current json format.

It looks like this will dramatically simplify the signature verification.

Feedback would be very much appreciated!

Regards,

	--dkg

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <http://notmuchmail.org/pipermail/notmuch/attachments/20101123/04a4473d/attachment.pgp>


More information about the notmuch mailing list