git.notmuchmail.org Git - notmuch/commit - doc/man1/notmuch-reindex.rst

author	Daniel Kahn Gillmor <dkg@fifthhorseman.net>
	Fri, 8 Dec 2017 06:24:01 +0000 (01:24 -0500)
committer	David Bremner <david@tethera.net>
	Fri, 8 Dec 2017 12:08:47 +0000 (08:08 -0400)
commit	29648a137c5807135ab168917b4a51d5e19e51c2
tree	ea06354db54289171b1cc46fba3f7314f515516b	tree \| snapshot
parent	6a9626a2fdddf6115bcf97982fd10053bf48e942	commit \| diff

crypto: actually stash session keys when decrypt=true

If you're going to store the cleartext index of an encrypted message,
in most situations you might just as well store the session key.
Doing this storage has efficiency and recoverability advantages.

Combined with a schedule of regular OpenPGP subkey rotation and
destruction, this can also offer security benefits, like "deletable
e-mail", which is the store-and-forward analog to "forward secrecy".

But wait, i hear you saying, i have a special need to store cleartext
indexes but it's really bad for me to store session keys! Maybe
(let's imagine) i get lots of e-mails with incriminating photos
attached, and i want to be able to search for them by the text in the
e-mail, but i don't want someone with access to the index to be
actually able to see the photos themselves.

Fret not, the next patch in this series will support your wacky
uncommon use case.

doc/man1/notmuch-config.rst		diff \| blob \| history
doc/man1/notmuch-insert.rst		diff \| blob \| history
doc/man1/notmuch-new.rst		diff \| blob \| history
doc/man1/notmuch-reindex.rst		diff \| blob \| history
doc/man7/notmuch-properties.rst		diff \| blob \| history
lib/index.cc		diff \| blob \| history
test/T357-index-decryption.sh		diff \| blob \| history
util/crypto.c		diff \| blob \| history