blob: 21f80756ebedb24aff7d02ecbefd755103ee2725 (
plain)
What, Where, When
=================
* Bremner and dkg are co-hosting a BoF at [debconf](https://summit.debconf.org/debconf15/meeting/217/improving-privacy-and-security-for-notmuch-mail/).
* The meeting is Monday 2015-08-17, 1700-1800 CET
* Video streaming should be [available](https://wiki.debconf.org/wiki/DebConf15/Videostream/Amsterdam)
* We will probably use
[gobby](https://packages.debian.org/jessie/gobby) for collaborative
editing. Unfortunately the infinote backend for emacs-rudel seems
not work. After installing gobby (>= 5.0), run
% gobby infinote://gobby.debian.org/debconf15/bof/notmuch-privacy-and-security
Agenda
======
Moving parts for secure e-mail
------------
* libxapian (C++, full text search)
* libgmime (C, glib, RFC822+MIME library)
* libnotmuch (C and C++)
* /usr/bin/notmuch (C)
* GnuPG (C)
* Emacs UI (emacs lisp)
* notmuch-emacs
* mml-mode, mm multimedia rendering library
* Alot / nmbug / nmbug-status (python)
* python-bindings
* webmail:
* noservice (Clojure)
* notmuch web (Haskell)
Security and privacy concerns
-----------------------------
* message-id collisions
* rendering "rich" messages
* network access in front ends
* safe rendering of HTML
* rendering security information
* spoofing signatures
* partially signed messages
* Oops I just sent...
* wrong key selection during composition
* reply (message mode defaults)
* opportunistic signing and encryption
* using markup for security
* inline PGP
* webmail
* authentication/authorization (multiple users?)
* message escaping (XSS, etc)
* shell injection
* terminal escape sequences
* S/MIME support
* signatures
* encryption
* integration with other keyrings
* reproducible builds:
[sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
* decryption happens in the CLI rather than the UI
* when using the UI and the CLI on different machines (so called "remote" mode), this leads to some undesirable and odd behaviour:
* decrypted content is passed across a potentially insecure channel (though usually ssh)
* the CLI needs access to keys, which can be awkward or impossible
Usability as security?
----------------------
* Indexing encrypted mail
* incremental re-indexing?
* Memory Hole protected headers
* Key selection indicators during composition
Breakout sessions
-----------------
* based on moving part
Reportbacks
-----------
|