feat: Don't copy References and In-Reply-To to outer headers #7425
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
iequidoo
force-pushed
the
iequidoo/rm-outer-references-hdr
branch
from
0b47207 to
536c733
Compare
iequidoo
force-pushed
the
iequidoo/rm-outer-references-hdr
branch
from
536c733 to
985aef5
Compare
…yption state instead Instead, prefetch Secure-Join, Content-Type and Subject headers, try to find out if the message is encrypted, i.e.: - if its Content-Type is "multipart/encrypted" - or Subject is "..." or "[...]" as some MUAs use "multipart/mixed"; we can't only look at Subject as it's not mandatory; and depending on this decide on the target folder and whether the message should be downloaded. There's no much sense in downloading unencrypted "Chat-Version"-containing messages if `ShowEmails` is `Off` or `AcceptedContacts`, unencrypted Delta Chat messages should be considered as usual emails, there's even the "New E-Mail" feature in UIs nowadays which sends such messages. Don't prefetch Auto-Submitted as well, this becomes unnecessary. Changed behavior: before, "Chat-Version"-containing messages were moved from INBOX to DeltaChat, now such encrypted messages may remain in INBOX -- if there's no parent message or it's not `MessengerMessage`. Don't unconditionally move encrypted messages yet because the account may be shared with other software which doesn't and shouldn't look into the DeltaChat folder.
There was a comment that group messages should always be downloaded to avoid inconsistent group state, but this is solved by the group consistency algo nowadays in the sense that inconsistent group state won't spread to other members if we send to the group. Moreover, encrypted messages are now always downloaded, and unencrypted chat replies too, and as for ad-hoc groups, `Config::ShowEmails` controls everything.
Before, only replies to chat messages were moved to the mvbox because we're removing Chat-Version from outer headers, but there's no much sense in moving only replies and not moving original messages and MDNs. Instead, move all encrypted messages. Users should be informed about this in UIs, so if a user has another PGP-capable MUA, probably they should disable MvboxMove. Moreover, untying this logic from References and In-Reply-To allows to remove them from outer headers too, the "Header Protection for Cryptographically Protected Email" RFC even suggests such a behavior: https://datatracker.ietf.org/doc/html/rfc9788#name-offering-more-ambitious-hea.
Chat-Version is used sometimes by Sieve filters to move messages to DeltaChat folder: https://github.com/mailcow/mailcow-dockerized/blob/37beed6ad93f259b97cad41877982bce95295629/data/conf/dovecot/global_sieve_before This probably prevents notifications to MUAs that don't watch DeltaChat but watch INBOX. There are however disadvantages to exposing Chat-Version: 1. Spam filters may not like this header and it is difficult or impossible to tell if `Chat-Version` plays role in rejecting the message or delivering it into Spam folder. If there is no such header visible to the spam filter, this possibility can be ruled out. 2. Replies to chat messages may have no `Chat-Version` but have to be moved anyway. 3. The user may have no control over the Sieve filter, but it comes preconfigured in mailcow, so it is not possible to disable it on the client. Thanks to link2xt for providing this motivation. NOTE: Old Delta Chat will assign partially downloaded replies to an ad-hoc group with the sender instead of the 1:1 chat, but we're removing partial downloads anyway.
Before, copying Auto-Submitted to the outer headers was needed for moving such messages, e.g. multi-device sync messages, to the DeltaChat folder. Now all encrypted messages are moved.
iequidoo
force-pushed
the
iequidoo/rm-outer-references-hdr
branch
from
985aef5 to
5d28118
Compare
This implements the suggestion from https://www.rfc-editor.org/rfc/rfc9788.html#name-offering-more-ambitious-hea of "Header Protection for Cryptographically Protected Email".
iequidoo
force-pushed
the
iequidoo/rm-outer-references-hdr
branch
from
5d28118 to
88fae8b
Compare
Collaborator
Author
|
So, only two tests on partial downloads broke, but this will be fixed by pre-messages anyway. Would be good to remove these outer heaaders as well, this way an eavesdropper can't group encrypted messages into chats/threads |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Based on #7405 actually (look a the last commit only)
This is an experimental PR implementing the suggestion from
https://www.rfc-editor.org/rfc/rfc9788.html#name-offering-more-ambitious-hea of "Header Protection for Cryptographically Protected Email".