Hi David, all--
On Sun 2021-02-21 15:21:30 +, David Edmondson wrote:
> I started looking at how to add autocrypt support based on
> https://git.sr.ht/~zge/autocrypt.
Thanks for this work, i'm glad to see the interest in autocrypt!
I tend to think that the autocrypt handling belongs in libnotmuch, and
not just in the emacs frontend, so i'm a bit concerned about what we'll
have to prune out of the emacs frontend if we do manage to land the
features in libnotmuch itself.
I want it in libnotmuch and in the cli because:
a) i want the database to hold the autocrypt tables, so that it can be
dumped/restored between notmuch-based clients
b) i want non-emacs frontends of notmuch to be able to make use of it
relatively easily.
that said, i've failed to get the code into shape for libnotmuch yet,
and i also don't want to block this work -- i want to see more autocrypt
adoption generally, and i'm feeling guilty for having been so tardy in
getting ito into notmuch.
My general outline for getting autocrypt into notmuch is the following
list of steps. it's a fairly long list, but each step shouldn't be a
huge amount of work.
0) augment the database so that it can store the autocrypt "peers"
table and the autocrypt "accounts" table, and they can be dumped and
restored. see
https://autocrypt.org/level1.html#autocrypt-internal-state
1) add a configuration option that affects "notmuch
{new,insert,reindex}" that ingests the loading of autocrypt headers
according to the standard policy for updating the peer state (see
https://autocrypt.org/level1.html#updating-autocrypt-peer-state)
2) add a configuration option that affects "notmuch
{new,insert,reindex}" that enables detection of any Autocrypt Setup
Message from another client sharing the same inbox, and adjusts the
"accounts" table appropriately.
3) add a "notmuch autocrypt" subcommand with its own subsubcommands:
"notmuch autocrypt enable [mutual]" and "notmuch autocrypt
disable " -- these subsubcommands update the "accounts" table
as well.
4) add "notmuch autocrypt generate-setup-message" subsubcommand for
enabled accounts that produces its own self-targeted Autocrypt Setup
Message on stdout, which can be injected into the mailsystem
by the user's notmuch setup.
5) Add "notmuch autocrypt prune" subsubcommand which clears accumulated
cruft from the autocrypt peers table
6) in libnotmuch, if is a source e-mail address, and is a
set of destination addresses, add is a
boolean, a new function notmuch_autocrypt_recommendation(,
, ) that returns an Autocrypt
Recommendation (ui-recommendation and a set of target-keys, see
https://autocrypt.org/level1.html#provide-a-recommendation-for-message-encryption)
7) add a new subsubcommand that exposes
notmuch_autocrypt_recommendation() to the cli.
8) emacs frontend work during message composition (i have no idea how
to do this) -- dynamically adjust the message composition buffer as
the from, to, cc, and bcc fields change to show the current
autocrypt recommendation status, in combination with the ability for
the user to manually turn on encryption (if available) or off (if on
by default).
9) more emacs frontend work -- at send time (at the end of composition)
if the autocrypt recommendation is encrypt, or if it's available and
the user has manually turned it on, encrypt the message using
standard autocrypt format (which is just PGP/MIME, using the
recommended keys).
It's possible that (9) could be replaced with a new subcommand like
"notmuch send" which could have a "--autocrypt-checked" argument, such
that the notmuch cli actually does the full encryption for the user, or
acts as some sort of filter for the outgoing message. there might also
be some library-level work that could use notmuch and gmime to translate
the message this way; I haven't really pieced those things together, or
how they would integrate into the emacs frontend, but the steps laid out
above seem to be necessary for that to happen in either case.
I'd love any collaboration on this -- especially for the parts that i
don't know how to do at all, like the emacs composition window frontend
-- but also on the earlier parts, as i've been procrastinating on it for
too long.
David, do you think this plan will collide with the series you're
proposing? do you see problems or downsides with the plan sketched here
(other than it not existing 😛)?
> Sending seems straightforward, as far as I understand autocrypt, at
> least.
https://autocrypt.org and the #autocrypt channel on freenode are both
good resources for understanding autocrypt in more detail, fwiw.
--dkg
signature.asc
Description: PGP signature
___
notmuch mailing list -- notmuch@notmuchmail.org
To unsubscribe send an email to notmuch-le...@notmuchmail.org
