summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2015-08-15 10:00:03 +0200
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2015-08-15 10:00:03 +0200
commit69bb1e9b54a368b469a8bea7310b1cd33fac029f (patch)
tree2fb5ead968c3f2540a6067aeec2c0b515af09811
parent378fc2c304fc9b45fe09df15d6713d5e6f668be5 (diff)
plans for dc15 session
-rw-r--r--meetings/hd2015.mdwn45
1 files changed, 45 insertions, 0 deletions
diff --git a/meetings/hd2015.mdwn b/meetings/hd2015.mdwn
index dc1356f..5f2dd18 100644
--- a/meetings/hd2015.mdwn
+++ b/meetings/hd2015.mdwn
@@ -2,6 +2,51 @@ Bremner and dkg are co-hosting a BoF at debconf:
https://summit.debconf.org/debconf15/meeting/217/improving-privacy-and-security-for-notmuch-mail/
+Agenda
+======
+
+Moving parts for secure e-mail
+------------
+* libnotmuch
+* /usr/bin/notmuch
+* notmuch-emacs
+* libgmime
+* GnuPG
+* mml-mode
+* webmail:
+ * noservice
+ * notmuch web
+
+Security concerns
+-----------------
+* wrong key selection during composition
+* reply (message mode defaults)
+* inline PGP
+* webmail authentication/authorization (muliple users?)
+* webmail message escaping (XSS, etc)
+* shell injection
+* terminal escape sequences
+* S/MIME support
+
+### usability as security?
+
+* indexing encrypted mail
+* Memory Hole protected headers
+* key selection indicators during compositoin
+
+
+Breakout sessions
+-----------------
+
+* based on moving part
+
+Reportbacks
+-----------
+
+
+
+-------------------------
+
proposed session:
---------
One of (at least my) primary motivations for working on Notmuch is reducing my dependence on cloud services, and supporting the secure sending and receiving of signed and encrypted mail. Like any realworld piece of software, notmuch is far from perfect, and several areas related to privacy and security could clearly be improved. During this BoF we'd like to plan out some topics to work on in followup hacking sessions. Anyone is welcome, even if they don't feel like hacking on notmuch. Potential topics of discussion andhacking include: