From d09f41a7f4ef736025de7d3bbeb1e68c2f08a9ae Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 31 Dec 2017 18:09:25 -0500 Subject: [PATCH] NEWS: cleartext indexing section includes session keys These are part and parcel of the same feature, so include the overview here. --- NEWS | 17 +++++++++++++---- 1 file changed, 13 insertions(+), 4 deletions(-) diff --git a/NEWS b/NEWS index 10752fa7..989cc405 100644 --- a/NEWS +++ b/NEWS @@ -43,13 +43,22 @@ Indexing cleartext of encrypted e-mails It's now possible to include the cleartext of encrypted e-mails in the notmuch index. This makes it possible to search your encrypted e-mails with the same ease as searching cleartext. This can be done - on a per-message basis with the --decrypt argument to indexing + on a per-message basis by passing --decrypt=true to indexing commands (new, insert, reindex), or by default by running "notmuch config set index.decrypt true". - Note that the contents of the index are sufficient to roughly - reconstruct the cleartext of the message itself, so please ensure - that the notmuch index itself is adequately protected. DO NOT USE + Encrypted messages whose cleartext is indexed will typically also + have their session keys stashed as properties associated with the + message. Stashed session keys permit rapid rendering of long + encrypted threads, and disposal of expired encryption-capable keys. + If for some reason you want cleartext indexing without stashed + session keys, use --decrypt=nostash for your indexing commands (or + run "notmuch config set index.decrypt nostash"). See `index.decrypt` + in notmuch-config(1) for more details. + + Note that stashed session keys permit reconstruction of the + cleartext of the encrypted message itself, and the contents of the + index are roughly equivalent to the cleartext as well. DO NOT USE this feature without considering the security of your index. Library Changes