notmuch-mutt: support for duplicate message removal

Stefano Zacchiroli zack at upsilon.cc
Thu Aug 2 00:21:20 PDT 2012


On Wed, Aug 01, 2012 at 01:20:08PM -0400, Daniel Kahn Gillmor wrote:
> The proposed feature could also exacerbate the previously-discussed
> attack vector [0] whereby a malicious Message-ID collision can be used
> to hide messages from the victim's mailstore.
> 
> [0] id:87k42vrqve.fsf at pip.fifthhorseman.net

I didn't find the reference above but, if you're speaking about the
proposed patch only, I don't think it's the case. The proposed patch
only deduplicate file-identical (up to checksums, that is) messages in
maildirs: a Message-ID collision is not enough to hide a message.

But your comment is very interesting anyhow, as deduplicating on the
basis of Message-ID is indeed something I've discussed with Kevin as
future work. You just provided an extra argument not to enable that by
default.

Cheers.
-- 
Stefano Zacchiroli     zack@{upsilon.cc,pps.jussieu.fr,debian.org} . o .
Maître de conférences   ......   http://upsilon.cc/zack   ......   . . o
Debian Project Leader    .......   @zack on identi.ca   .......    o o o
« the first rule of tautology club is the first rule of tautology club »


More information about the notmuch mailing list