re-organize webmail

[notmuch-wiki] / meetings / hd2015.mdwn

diff --git a/meetings/hd2015.mdwn b/meetings/hd2015.mdwn
index a9c14790f0d83da73ce1d33f8abd9e89d989cc05..706235602d0898faba0b2580d4a91e115020f3bc 100644 (file)
--- a/meetings/hd2015.mdwn
+++ b/meetings/hd2015.mdwn
@@ -20,32 +20,40 @@ Moving parts for secure e-mail
 * GnuPG (C)
 * Emacs UI (emacs lisp)
   * notmuch-emacs
-  * mml-mode
+  * mml-mode, mm multimedia rendering library
 * Alot / nmbug / nmbug-status (python)
   * python-bindings
 * webmail:
   * noservice (Clojure)
   * notmuch web (Haskell)
 
-Security concerns
------------------
-* wrong key selection during composition
-* reply (message mode defaults)
-* inline PGP
+Security and privacy concerns
+-----------------------------
+* privacy leaks rendering messages
 * message-id collisions
-* webmail authentication/authorization (muliple users?)
-* webmail message escaping (XSS, etc)
+* Oops I just sent...
+  * wrong key selection during composition
+  * reply (message mode defaults)
+  * opportunistic signing and encryption
+* inline PGP
+* webmail
+  * authentication/authorization (multiple users?)
+  *  message escaping (XSS, etc)
 * shell injection
 * terminal escape sequences
 * S/MIME support
+  * signatures
+  * encryption
+  * integration with other keyrings
 * reproducible builds:
   [sphinx man pages](https://reproducible.debian.net/rb-pkg/testing/amd64/notmuch.html)
 
-### usability as security?
+Usability as security?
+----------------------
 
 * indexing encrypted mail
 * Memory Hole protected headers
-* key selection indicators during compositoin
+* key selection indicators during composition
 
 
 Breakout sessions
@@ -60,22 +68,9 @@ Reportbacks
 
 -------------------------
 
-proposed session:
----------
-One of (at least my) primary motivations for working on Notmuch is reducing my dependence on cloud services, and supporting the secure sending and receiving of signed and encrypted mail.  Like any realworld piece of software, notmuch is far from perfect, and several areas related to privacy and security could clearly be improved. During this BoF we'd like to plan out some topics to work on in followup hacking sessions. Anyone is welcome, even if they don't feel like hacking on notmuch. Potential topics of discussion andhacking include:
-        * S/MIME signatures and encryption
-        * Improving the security of the Emacs MML mime composer
-        * Searching of GPG encrypted mail
-        * Auditing and fixing "webbug" style problems in front ends
-        * Making notmuch build reproducibly
-
----------
 
 more complete agenda:
 
-        * S/MIME signatures and encryption
-            * test suites
-            * integration with other keyrings
             * signature only (easyish) versus encryption (more work)
         * Improving the security of the Emacs MML mime composer
             * automated "encrypt-when-i-have-keys-available" mode or other convenience functions?