summaryrefslogtreecommitdiff
path: root/meetings/hd2015.mdwn
blob: 21f80756ebedb24aff7d02ecbefd755103ee2725 (plain)
What, Where, When
=================

*  Bremner and dkg are co-hosting a BoF at [debconf](https://summit.debconf.org/debconf15/meeting/217/improving-privacy-and-security-for-notmuch-mail/).

* The meeting is Monday 2015-08-17, 1700-1800 CET

* Video streaming should be [available](https://wiki.debconf.org/wiki/DebConf15/Videostream/Amsterdam)

* We will probably use
  [gobby](https://packages.debian.org/jessie/gobby) for collaborative
  editing. Unfortunately the infinote backend for emacs-rudel seems
  not work. After installing gobby (>= 5.0), run

      % gobby infinote://gobby.debian.org/debconf15/bof/notmuch-privacy-and-security


Agenda
======

Moving parts for secure e-mail
------------
* libxapian  (C++, full text search)
* libgmime (C, glib, RFC822+MIME library)
* libnotmuch (C and C++)
* /usr/bin/notmuch (C)
* GnuPG (C)
* Emacs UI (emacs lisp)
  * notmuch-emacs
  * mml-mode, mm multimedia rendering library
* Alot / nmbug / nmbug-status (python)
  * python-bindings
* webmail:
  * noservice (Clojure)
  * notmuch web (Haskell)

Security and privacy concerns
-----------------------------
* message-id collisions
* rendering "rich" messages
  * network access in front ends
  * safe rendering of HTML
* rendering security information
  * spoofing signatures
  * partially signed messages
* Oops I just sent...
  * wrong key selection during composition
  * reply (message mode defaults)
  * opportunistic signing and encryption
  * using markup for security
* inline PGP
* webmail
  * authentication/authorization (multiple users?)
  *  message escaping (XSS, etc)
* shell injection
* terminal escape sequences
* S/MIME support
  * signatures
  * encryption
  * integration with other keyrings
* reproducible builds:
  [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
* decryption happens in the CLI rather than the UI
  * when using the UI and the CLI on different machines (so called "remote" mode), this leads to some undesirable and odd behaviour:
    * decrypted content is passed across a potentially insecure channel (though usually ssh)
    * the CLI needs access to keys, which can be awkward or impossible

Usability as security?
----------------------

* Indexing encrypted mail
  * incremental re-indexing?
* Memory Hole protected headers
* Key selection indicators during composition

Breakout sessions
-----------------

* based on moving part

Reportbacks
-----------