notmuch-mutt: support for duplicate message removal

Jani Nikula jani at nikula.org
Wed Aug 1 12:18:55 PDT 2012


On Wed, 01 Aug 2012, Daniel Kahn Gillmor <dkg at fifthhorseman.net> wrote:
> On 08/01/2012 12:26 PM, Andrei POPESCU wrote:
>> I'm at least one user that cares enough about the distinction to have 
>> all list mails received via a different address, just to avoid Gmail's 
>> "feature" of silently dropping my own messages received via a list. 
>> IMVHO it should at least be configurable...
>
> The proposed feature could also exacerbate the previously-discussed
> attack vector [0] whereby a malicious Message-ID collision can be used
> to hide messages from the victim's mailstore.

Just to clarify, the feature proposed in this patch series does not make
the problem worse (as it would hide only fully identical messages, which
is not useful for the malicious purpose).

What I suggested [1] could indeed make notmuch-mutt as vulnerable to the
attack vector as notmuch show, and the emacs ui, currently are (but not
worse than that).

BR,
Jani.

[1] id:"87pq7aam8n.fsf at nikula.org"

>
> 	--dkg
>
> [0] id:87k42vrqve.fsf at pip.fifthhorseman.net


More information about the notmuch mailing list