4 * Bremner and dkg are co-hosting a BoF at [debconf](https://summit.debconf.org/debconf15/meeting/217/improving-privacy-and-security-for-notmuch-mail/).
6 * The meeting is Monday 2015-08-17, 1700-1800 CET
8 * Video streaming should be [available](https://wiki.debconf.org/wiki/DebConf15/Videostream/Amsterdam)
14 Moving parts for secure e-mail
16 * libxapian (C++, full text search)
17 * libgmime (C, glib, RFC822+MIME library)
18 * libnotmuch (C and C++)
19 * /usr/bin/notmuch (C)
21 * Emacs UI (emacs lisp)
24 * Alot / nmbug / nmbug-status (python)
28 * notmuch web (Haskell)
32 * wrong key selection during composition
33 * reply (message mode defaults)
35 * message-id collisions
36 * webmail authentication/authorization (muliple users?)
37 * webmail message escaping (XSS, etc)
39 * terminal escape sequences
41 * reproducible builds:
42 [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
44 ### usability as security?
46 * indexing encrypted mail
47 * Memory Hole protected headers
48 * key selection indicators during compositoin
54 * based on moving part
61 -------------------------
65 One of (at least my) primary motivations for working on Notmuch is reducing my dependence on cloud services, and supporting the secure sending and receiving of signed and encrypted mail. Like any realworld piece of software, notmuch is far from perfect, and several areas related to privacy and security could clearly be improved. During this BoF we'd like to plan out some topics to work on in followup hacking sessions. Anyone is welcome, even if they don't feel like hacking on notmuch. Potential topics of discussion andhacking include:
66 * S/MIME signatures and encryption
67 * Improving the security of the Emacs MML mime composer
68 * Searching of GPG encrypted mail
69 * Auditing and fixing "webbug" style problems in front ends
70 * Making notmuch build reproducibly
76 * S/MIME signatures and encryption
78 * integration with other keyrings
79 * signature only (easyish) versus encryption (more work)
80 * Improving the security of the Emacs MML mime composer
81 * automated "encrypt-when-i-have-keys-available" mode or other convenience functions?
82 * can an adversary force signatures based on quoted text?
83 * generate memory-hole-style messages
84 * Searching of GPG encrypted mail
85 * possible implementation mechanism: "notmuch reindex --with-filter=decrypt"
86 * Auditing and fixing "webbug" style problems in front ends
87 * can we instruct emacs to restrict all network access from notmuch?
88 * what other frontends might call out to the network?
89 * Making notmuch build reproducibly
90 * https://reproducible.debian.net/rb-pkg/unstable/amd64/notmuch.html
91 * Protect against spoofed signature verification?
92 * how do we deal with multipart messages where only a subtree is signed?
93 * are other sorts of spoofing possible?
94 * read and display memory-hole-style messages
95 * "safe" ways to display html parts (e.g. without text/plain alternatives)