X-Git-Url: https://git.cworth.org/git?a=blobdiff_plain;f=meetings%2Fhd2015.mdwn;h=706235602d0898faba0b2580d4a91e115020f3bc;hb=43f0b1e82ee56387330ee084ab161bced8300438;hp=1e4b78f29ad675e532fd2fda33ed111b64af6c0a;hpb=937505e62e6c7a155dfbd13021360dcbec8fb9c8;p=notmuch-wiki

diff --git a/meetings/hd2015.mdwn b/meetings/hd2015.mdwn
index 1e4b78f..7062356 100644
--- a/meetings/hd2015.mdwn
+++ b/meetings/hd2015.mdwn
@@ -20,28 +20,36 @@ Moving parts for secure e-mail
 * GnuPG (C)
 * Emacs UI (emacs lisp)
   * notmuch-emacs
-  * mml-mode
+  * mml-mode, mm multimedia rendering library
 * Alot / nmbug / nmbug-status (python)
   * python-bindings
 * webmail:
   * noservice (Clojure)
   * notmuch web (Haskell)
 
-Security concerns
------------------
-* wrong key selection during composition
-* reply (message mode defaults)
-* inline PGP
+Security and privacy concerns
+-----------------------------
+* privacy leaks rendering messages
 * message-id collisions
-* webmail authentication/authorization (multiple users?)
-* webmail message escaping (XSS, etc)
+* Oops I just sent...
+  * wrong key selection during composition
+  * reply (message mode defaults)
+  * opportunistic signing and encryption
+* inline PGP
+* webmail
+  * authentication/authorization (multiple users?)
+  *  message escaping (XSS, etc)
 * shell injection
 * terminal escape sequences
 * S/MIME support
+  * signatures
+  * encryption
+  * integration with other keyrings
 * reproducible builds:
   [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
 
-### usability as security?
+Usability as security?
+----------------------
 
 * indexing encrypted mail
 * Memory Hole protected headers
@@ -60,18 +68,9 @@ Reportbacks
 
 -------------------------
 
-proposed session:
----------
-        * Improving the security of the Emacs MML mime composer
-        * Searching of GPG encrypted mail
-        * Auditing and fixing "webbug" style problems in front ends
----------
 
 more complete agenda:
 
-        * S/MIME signatures and encryption
-            * test suites
-            * integration with other keyrings
             * signature only (easyish) versus encryption (more work)
         * Improving the security of the Emacs MML mime composer
             * automated "encrypt-when-i-have-keys-available" mode or other convenience functions?