[PATCH] NEWS: cleartext indexing
Antoine Beaupré
anarcat at orangeseeds.org
Mon Oct 30 05:46:12 PDT 2017
On 2017-10-22 11:36:34, Daniel Kahn Gillmor wrote:
> + Note that the contents of the index are sufficient to roughly
> + reconstruct the cleartext of the message itself, so please ensure
> + that the notmuch index itself is adequately protected. DO NOT USE
> + this feature without considering the security of your index.
Could we expand on what those security options could be? Full disk
encryption? Or is there some way to PGP-encrypt the index and have it
decrypted on the fly?
Security, in this context, seems a little broad... I do have a antsy
feeling at decrypting all my private emails in a cleartext database
without additional measures. I'd sure love to see this notion expanded
here somehow.
By the way, I have similar concerns about the autocrypt approach, which
goes even further and says private key material should not be protected
by a password at all:
http://autocrypt.readthedocs.io/en/latest/level1.html#secret-key-protection-at-rest
It would be interesting to explain the rationale around those decisions
(which autocrypt does) and possible safeguards that mitigate those
issues (which autocrypt doesn't).
Thanks!
A.
--
À mesure que l'opression s'étend à tous les secteurs de la vie,
la révolte prend l'allure d'une guerre sociale.
Les émeutes renaissent et annoncent la révolution à venir.
- Jean-François Brient, de la servitude moderne
More information about the notmuch
mailing list