diff options
| author | David Bremner <david@tethera.net> | 2015-08-16 09:53:47 +0200 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2015-08-16 09:53:47 +0200 |
| commit | c5002da580f38cdb3acf84db30b7ab401b2a0709 (patch) | |
| tree | 40068ddc2451de6d11824dff592dadc7c60e6702 | |
| parent | 43f0b1e82ee56387330ee084ab161bced8300438 (diff) | |
merge remaining discussion from pad into agenda
| -rw-r--r-- | meetings/hd2015.mdwn | 39 |
1 files changed, 10 insertions, 29 deletions
diff --git a/meetings/hd2015.mdwn b/meetings/hd2015.mdwn index 7062356..0d4292c 100644 --- a/meetings/hd2015.mdwn +++ b/meetings/hd2015.mdwn @@ -29,12 +29,18 @@ Moving parts for secure e-mail Security and privacy concerns ----------------------------- -* privacy leaks rendering messages * message-id collisions +* rendering "rich" messages + * network access in front ends + * safe rendering of HTML +* rendering security information + * spoofing signatures + * partially signed messages * Oops I just sent... * wrong key selection during composition * reply (message mode defaults) * opportunistic signing and encryption + * using markup for security * inline PGP * webmail * authentication/authorization (multiple users?) @@ -51,10 +57,10 @@ Security and privacy concerns Usability as security? ---------------------- -* indexing encrypted mail +* Indexing encrypted mail + * incremental re-indexing? * Memory Hole protected headers -* key selection indicators during composition - +* Key selection indicators during composition Breakout sessions ----------------- @@ -65,28 +71,3 @@ Reportbacks ----------- - -------------------------- - - -more complete agenda: - - * signature only (easyish) versus encryption (more work) - * Improving the security of the Emacs MML mime composer - * automated "encrypt-when-i-have-keys-available" mode or other convenience functions? - * can an adversary force signatures based on quoted text? - * generate memory-hole-style messages - * Searching of GPG encrypted mail - * possible implementation mechanism: "notmuch reindex --with-filter=decrypt" - * Auditing and fixing "webbug" style problems in front ends - * can we instruct emacs to restrict all network access from notmuch? - * what other frontends might call out to the network? - * Making notmuch build reproducibly - * https://reproducible.debian.net/rb-pkg/unstable/amd64/notmuch.html - * Protect against spoofed signature verification? - * how do we deal with multipart messages where only a subtree is signed? - * are other sorts of spoofing possible? - * read and display memory-hole-style messages - * "safe" ways to display html parts (e.g. without text/plain alternatives) - - |
