session keys, version 2
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Thu Nov 30 00:59:25 PST 2017
This is the second revision of the session keys series. the earlier
version of this series can be found following
id:20171025065203.24403-1-dkg at fifthhorseman.net.
This version addresses the ideas and critiques raised on list about
the first version.
In particular:
* ./configure now detects and sets a HAVE_GMIME_SESSION_KEYS #define
to consolidate the version number checking in one place.
* the library contains a built_with("session_key") marker.
* the command line syntax for new, insert, and reindex is now
--decrypt=<policy>, instead of --try-decrypt=<policy>
* the configuration option is now index.decrypt, instead of
index.try_decrypt.
* in alignment with the shift to a "decryption policy" vocabulary,
i've changed notmuch_indexopts_{set,get}_try_decrypt to
notmuch_indexopts_{set,get}_decrypt_policy. I think this is OK
because the API has not been released yet.
The decryption policies remain the same:
+------------------------+-------+------+---------+------+
| | false | auto | nostash | true |
+========================+=======+======+=========+======+
| Index cleartext using | | X | X | X |
| stashed session keys | | | | |
+------------------------+-------+------+---------+------+
| Index cleartext | | | X | X |
| using secret keys | | | | |
+------------------------+-------+------+---------+------+
| Stash session keys | | | | X |
+------------------------+-------+------+---------+------+
| Delete stashed session | X | | | |
| keys on reindex | | | | |
+------------------------+-------+------+---------+------+
I believe this addresses all the major concerns raised about the
earlier draft of this series, and i know that there are at least a few
people other than myself currently using this series.
Please let me know if you have any other feedback about this new
revision! I'd love to try to land this in 0.26.
--dkg
More information about the notmuch
mailing list