X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=meetings%2Fhd2015.mdwn;h=0d4292ca673a0d02dfc0399fc48f66150822f807;hb=c5002da580f38cdb3acf84db30b7ab401b2a0709;hp=1e4b78f29ad675e532fd2fda33ed111b64af6c0a;hpb=937505e62e6c7a155dfbd13021360dcbec8fb9c8;p=notmuch-wiki diff --git a/meetings/hd2015.mdwn b/meetings/hd2015.mdwn index 1e4b78f..0d4292c 100644 --- a/meetings/hd2015.mdwn +++ b/meetings/hd2015.mdwn @@ -20,33 +20,47 @@ Moving parts for secure e-mail * GnuPG (C) * Emacs UI (emacs lisp) * notmuch-emacs - * mml-mode + * mml-mode, mm multimedia rendering library * Alot / nmbug / nmbug-status (python) * python-bindings * webmail: * noservice (Clojure) * notmuch web (Haskell) -Security concerns ------------------ -* wrong key selection during composition -* reply (message mode defaults) -* inline PGP +Security and privacy concerns +----------------------------- * message-id collisions -* webmail authentication/authorization (multiple users?) -* webmail message escaping (XSS, etc) +* rendering "rich" messages + * network access in front ends + * safe rendering of HTML +* rendering security information + * spoofing signatures + * partially signed messages +* Oops I just sent... + * wrong key selection during composition + * reply (message mode defaults) + * opportunistic signing and encryption + * using markup for security +* inline PGP +* webmail + * authentication/authorization (multiple users?) + * message escaping (XSS, etc) * shell injection * terminal escape sequences * S/MIME support + * signatures + * encryption + * integration with other keyrings * reproducible builds: [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html) -### usability as security? +Usability as security? +---------------------- -* indexing encrypted mail +* Indexing encrypted mail + * incremental re-indexing? * Memory Hole protected headers -* key selection indicators during composition - +* Key selection indicators during composition Breakout sessions ----------------- @@ -57,37 +71,3 @@ Reportbacks ----------- - -------------------------- - -proposed session: ---------- - * Improving the security of the Emacs MML mime composer - * Searching of GPG encrypted mail - * Auditing and fixing "webbug" style problems in front ends ---------- - -more complete agenda: - - * S/MIME signatures and encryption - * test suites - * integration with other keyrings - * signature only (easyish) versus encryption (more work) - * Improving the security of the Emacs MML mime composer - * automated "encrypt-when-i-have-keys-available" mode or other convenience functions? - * can an adversary force signatures based on quoted text? - * generate memory-hole-style messages - * Searching of GPG encrypted mail - * possible implementation mechanism: "notmuch reindex --with-filter=decrypt" - * Auditing and fixing "webbug" style problems in front ends - * can we instruct emacs to restrict all network access from notmuch? - * what other frontends might call out to the network? - * Making notmuch build reproducibly - * https://reproducible.debian.net/rb-pkg/unstable/amd64/notmuch.html - * Protect against spoofed signature verification? - * how do we deal with multipart messages where only a subtree is signed? - * are other sorts of spoofing possible? - * read and display memory-hole-style messages - * "safe" ways to display html parts (e.g. without text/plain alternatives) - -