4 * Bremner and dkg are co-hosting a BoF at [debconf](https://summit.debconf.org/debconf15/meeting/217/improving-privacy-and-security-for-notmuch-mail/).
6 * The meeting is Monday 2015-08-17, 1700-1800 CET
8 * Video streaming should be [available](https://wiki.debconf.org/wiki/DebConf15/Videostream/Amsterdam)
14 Moving parts for secure e-mail
16 * libxapian (C++, full text search)
17 * libgmime (C, glib, RFC822+MIME library)
18 * libnotmuch (C and C++)
19 * /usr/bin/notmuch (C)
21 * Emacs UI (emacs lisp)
23 * mml-mode, mm multimedia rendering library
24 * Alot / nmbug / nmbug-status (python)
28 * notmuch web (Haskell)
30 Security and privacy concerns
31 -----------------------------
32 * message-id collisions
33 * rendering "rich" messages
34 * network access in front ends
35 * safe rendering of HTML
36 * rendering security information
38 * partially signed messages
40 * wrong key selection during composition
41 * reply (message mode defaults)
42 * opportunistic signing and encryption
43 * using markup for security
46 * authentication/authorization (multiple users?)
47 * message escaping (XSS, etc)
49 * terminal escape sequences
53 * integration with other keyrings
54 * reproducible builds:
55 [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
57 Usability as security?
58 ----------------------
60 * Indexing encrypted mail
61 * incremental re-indexing?
62 * Memory Hole protected headers
63 * Key selection indicators during composition
68 * based on moving part