Stashed session keys

Daniel Kahn Gillmor dkg at fifthhorseman.net
Tue Oct 24 23:51:45 PDT 2017


Now that cleartext indexing is merged, let's add the ability to stash
session keys!

Background
==========

Encrypted e-mail messages are "hybrid" encryption.  The message body
is encrypted with an ephemeral session key, and then that session key
is itself encrypted to the user's public key.

If an MUA retains (or obtains) a copy of the session key for a given
message, it can access the cleartext of that message without needing
any access to the user's private key material.

This offers possible wins in efficiency, usability, convenience *and*
security, as the series hopefully makes clear.

Decryption Policies
===================

At the end of the series, there are four sensible policies defined for
message decryption and stashing of session keys.  There are only two I
expect to see any widespread regular use: "auto", and "true".  But
hopefully the reasons for including the other two policies ("false"
and "nostash") are made clear by the series itself.

I'll replicate here the table this series adds to notmuch-config(1),
in describing the available values for index.try_decrypt:

   +------------------------+-------+------+---------+------+
   |                        | false | auto | nostash | true |
   +========================+=======+======+=========+======+
   | Index cleartext using  |       |  X   |    X    |  X   |
   | stashed session keys   |       |      |         |      |
   +------------------------+-------+------+---------+------+
   | Index cleartext        |       |      |    X    |  X   |
   | using secret keys      |       |      |         |      |
   +------------------------+-------+------+---------+------+
   | Stash session keys     |       |      |         |  X   |
   +------------------------+-------+------+---------+------+
   | Delete stashed session |   X   |      |         |      |
   | keys on reindex        |       |      |         |      |
   +------------------------+-------+------+---------+------+


Please let me know what you think!  I'd love feedback and critique.

Happy hacking,

       --dkg
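
[Added example, not part of the original message or of the patch series: a small Python model of the index.try_decrypt table above, tracking what happens to the stash across reindex runs. The Message and Indexer classes, the string standing in for a session key, and trying the stash before the secret key are all assumptions made for illustration.]

```python
from dataclasses import dataclass, field

# Columns of the table above, one tuple per policy value:
# (use stashed key, use secret key, stash session key, delete stash on reindex)
POLICIES = {
    "false":   (False, False, False, True),
    "auto":    (True,  False, False, False),
    "nostash": (True,  True,  False, False),
    "true":    (True,  True,  True,  False),
}

@dataclass
class Message:
    msg_id: str
    session_key: str   # constructed stand-in for the ephemeral session key
    cleartext: str

    def decrypt(self, key):
        # Only the matching session key opens the body.
        return self.cleartext if key == self.session_key else None

@dataclass
class Indexer:
    secret_key_available: bool
    stash: dict = field(default_factory=dict)   # msg_id -> session key
    secret_key_uses: int = 0

    def _unwrap_with_secret_key(self, msg):
        # Stand-in for the public-key operation that recovers the session key.
        if not self.secret_key_available:
            return None
        self.secret_key_uses += 1
        return msg.session_key

    def reindex(self, msg, policy):
        use_stash, use_secret, do_stash, purge = POLICIES[policy]
        if purge:
            self.stash.pop(msg.msg_id, None)
        # Assumption: a stashed key is tried before touching the secret key.
        key = self.stash.get(msg.msg_id) if use_stash else None
        if key is None and use_secret:
            key = self._unwrap_with_secret_key(msg)
        if key is None:
            return None            # nothing indexable: cleartext stays out
        if do_stash:
            self.stash[msg.msg_id] = key
        return msg.decrypt(key)    # cleartext handed to the index
```

In this model, one reindex under "true" populates the stash, after which "auto" yields cleartext with the secret key unavailable, and a later reindex under "false" removes the stashed key again.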


