oss-sec mailing list archives

Re: accepting new members to (linux-)distros lists


From: Kristian Fiskerstrand <k_f () gentoo org>
Date: Mon, 3 Jul 2017 14:35:55 +0200

On 07/02/2017 10:58 PM, Anthony Liguori wrote:
> On Jul 2, 2017 1:38 PM, "Kristian Fiskerstrand"<k_f () gentoo org> wrote:
>> The immediate thought that springs to mind is the [lack of OpenPGP
>> support in bugzilla] which makes it difficult to ensure confidentiality
>> unless disabling all email warnings.
>
> I would just assume all email is disabled.  I don't know of a tool that
> does this right so for security sensitive things, I think disabling email
> notification is a best practice.

It wouldn't take much to have a tool that does, mainly what I outline in
the previous post to ensure OpenPGP keyblock management for the
individual users, and as an extension of the scope for that perhaps a
[MemoryHole] implementation to ensure confidentiality / integrity
verification of the RFC822 headers such as Subject. Enigmail users
should already have such support read-only [Note:A].

References:
[MemoryHole]
http://modernpgp.org/memoryhole/
https://wiki.gnupg.org/OpenPGPEmailSummit201607/MemoryHole

Notes:
[Note:A] to toggle it on encrypted subjects on sending you'd use
extensions.enigmail.protectHeaders


-- 
Kristian Fiskerstrand
OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net
fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3

Attachment: signature.asc
Description: OpenPGP digital signature
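
Added example, not part of the original message or of any project named in it: a receiving-side check that reads Memory Hole style protected headers out of an already decrypted and verified payload and reports which outer RFC822 headers differ from them. The part type text/rfc822-headers; protected-headers="v1" and the "Encrypted Message" placeholder subject are assumed from the Memory Hole draft; the OpenPGP step is assumed done elsewhere, and all addresses and subjects are constructed.

```python
from email import message_from_bytes, message_from_string, policy

# Constructed sample: outer headers, visible to every relay and mail archive.
OUTER = b"""\
From: reporter@example.org
To: security@example.org
Subject: Encrypted Message

"""

# Constructed sample: cleartext MIME tree after OpenPGP decryption/verification.
CLEARTEXT = b"""\
Content-Type: multipart/mixed; boundary="mh"

--mh
Content-Type: text/rfc822-headers; protected-headers="v1"
Content-Disposition: inline

From: reporter@example.org
To: security@example.org
Subject: Embargoed issue in example package

--mh
Content-Type: text/plain

Details follow.
--mh--
"""

def _norm(value):
    # Collapse folding whitespace so folded and unfolded headers compare equal.
    return " ".join(str(value).split())

def protected_headers(cleartext):
    """Headers carried inside the protected payload, keyed by lower-case name."""
    msg = message_from_bytes(cleartext, policy=policy.default)
    for part in msg.walk():
        if (part.get_content_type() == "text/rfc822-headers"
                and part.get_param("protected-headers") == "v1"):
            inner = message_from_string(part.get_content(), policy=policy.default)
            return {k.lower(): _norm(v) for k, v in inner.items()}
    return {}  # no protected part: only the unauthenticated outer headers exist

def compare(outer_raw, cleartext):
    """Return (effective headers, names whose outer value differs from the protected one)."""
    outer = message_from_bytes(outer_raw, policy=policy.default)
    prot = protected_headers(cleartext)
    differing = sorted(n for n, v in prot.items() if _norm(outer.get(n, "")) != v)
    effective = {k.lower(): _norm(v) for k, v in outer.items()}
    effective.update(prot)  # protected values win over outer ones
    return effective, differing
```

For an encrypted message a differing Subject is the expected result of hiding it; for a signed-only message any differing header means the outer copy was altered after signing.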
