[PATCH 1/6] NEWS: cleartext indexing section includes session keys
Daniel Kahn Gillmor
dkg at fifthhorseman.net
Sun Dec 31 15:09:25 PST 2017
These are part and parcel of the same feature, so include the overview
here.
---
NEWS | 17 +++++++++++++----
1 file changed, 13 insertions(+), 4 deletions(-)
diff --git a/NEWS b/NEWS
index 10752fa7..989cc405 100644
--- a/NEWS
+++ b/NEWS
@@ -43,13 +43,22 @@ Indexing cleartext of encrypted e-mails
It's now possible to include the cleartext of encrypted e-mails in
the notmuch index. This makes it possible to search your encrypted
e-mails with the same ease as searching cleartext. This can be done
- on a per-message basis with the --decrypt argument to indexing
+ on a per-message basis by passing --decrypt=true to indexing
commands (new, insert, reindex), or by default by running "notmuch
config set index.decrypt true".
- Note that the contents of the index are sufficient to roughly
- reconstruct the cleartext of the message itself, so please ensure
- that the notmuch index itself is adequately protected. DO NOT USE
+ Encrypted messages whose cleartext is indexed will typically also
+ have their session keys stashed as properties associated with the
+ message. Stashed session keys permit rapid rendering of long
+ encrypted threads, and disposal of expired encryption-capable keys.
+ If for some reason you want cleartext indexing without stashed
+ session keys, use --decrypt=nostash for your indexing commands (or
+ run "notmuch config set index.decrypt nostash"). See `index.decrypt`
+ in notmuch-config(1) for more details.
+
+ Note that stashed session keys permit reconstruction of the
+ cleartext of the encrypted message itself, and the contents of the
+ index are roughly equivalent to the cleartext as well. DO NOT USE
this feature without considering the security of your index.
Library Changes
--
2.15.1
More information about the notmuch
mailing list