4 * Bremner and dkg are co-hosting a BoF at [debconf](https://summit.debconf.org/debconf15/meeting/217/improving-privacy-and-security-for-notmuch-mail/).
6 * The meeting is Monday 2015-08-17, 1700-1800 CET
8 * Video streaming should be [available](https://wiki.debconf.org/wiki/DebConf15/Videostream/Amsterdam)
14 Moving parts for secure e-mail
16 * libxapian (C++, full text search)
17 * libgmime (C, glib, RFC822+MIME library)
18 * libnotmuch (C and C++)
19 * /usr/bin/notmuch (C)
21 * Emacs UI (emacs lisp)
24 * Alot / nmbug / nmbug-status (python)
28 * notmuch web (Haskell)
32 * wrong key selection during composition
33 * reply (message mode defaults)
35 * message-id collisions
36 * webmail authentication/authorization (multiple users?)
37 * webmail message escaping (XSS, etc)
39 * terminal escape sequences
41 * reproducible builds:
42 [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
44 ### usability as security?
46 * indexing encrypted mail
47 * Memory Hole protected headers
48 * key selection indicators during composition
54 * based on moving part
61 -------------------------
65 * Improving the security of the Emacs MML mime composer
66 * Searching of GPG encrypted mail
67 * Auditing and fixing "webbug" style problems in front ends
72 * S/MIME signatures and encryption
74 * integration with other keyrings
75 * signature only (easyish) versus encryption (more work)
76 * Improving the security of the Emacs MML mime composer
77 * automated "encrypt-when-i-have-keys-available" mode or other convenience functions?
78 * can an adversary force signatures based on quoted text?
79 * generate memory-hole-style messages
80 * Searching of GPG encrypted mail
81 * possible implementation mechanism: "notmuch reindex --with-filter=decrypt"
82 * Auditing and fixing "webbug" style problems in front ends
83 * can we instruct emacs to restrict all network access from notmuch?
84 * what other frontends might call out to the network?
85 * Making notmuch build reproducibly
86 * https://reproducible.debian.net/rb-pkg/unstable/amd64/notmuch.html
87 * Protect against spoofed signature verification?
88 * how do we deal with multipart messages where only a subtree is signed?
89 * are other sorts of spoofing possible?
90 * read and display memory-hole-style messages
91 * "safe" ways to display html parts (e.g. without text/plain alternatives)