diff options
| author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2019-05-26 18:16:02 -0400 |
|---|---|---|
| committer | David Bremner <david@tethera.net> | 2019-05-29 08:14:32 -0300 |
| commit | b7b553e732baed620f6688570829a4d46dd5f6e5 (patch) | |
| tree | 112f27a336842ab9484d86d42e695cdd85dc0860 /bindings/python | |
| parent | 996ef5710cd5b9a5de6394018f21955a775f7511 (diff) | |
cli/reply: ensure encrypted Subject: line does not leak in the clear
Now that we can decrypt headers, we want to make sure that clients
using "notmuch reply" to prepare a reply don't leak cleartext in their
subject lines. In particular, the ["reply-headers"]["Subject"] should
by default show the external Subject.
A replying MUA that intends to protect the Subject line should show
the user the Subject from ["original"]["headers"]["Subject"] instead
of using ["reply-headers"]["Subject"].
This minor asymmetry with "notmuch show" is intentional. While both
tools always render the cleartext subject line when they know it (in
["headers"]["Subject"] for "notmuch show" and in
["original"]["headers"]["Subject"] for "notmuch reply"), "notmuch
reply" should never leak something that should stay under encrypted
cover in "reply-headers".
Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Diffstat (limited to 'bindings/python')
0 files changed, 0 insertions, 0 deletions