oss-sec mailing list archives
Re: accepting new members to (linux-)distros lists
From: Kristian Fiskerstrand <k_f () gentoo org>
Date: Mon, 3 Jul 2017 14:35:55 +0200
On 07/02/2017 10:58 PM, Anthony Liguori wrote:
On Jul 2, 2017 1:38 PM, "Kristian Fiskerstrand"<k_f () gentoo org> wrote:The immediate thought that springs to mind is the [lack of OpenPGP support in bugzilla] which makes it difficult to ensure confidentiality unless disabling all email warnings.I would just assume all email is disabled. I don't know of a tool that does this right so for security sensitive things, I think disabling email notification is a best practice.
It wouldn't take much to have a tool that does, mainly what I outline in the previous post to ensure OpenPGP keyblock management for the individual users, and as an extension of the scope for that perhaps a [MemoryHole] implementation to ensure confidentiality / integrity verification of the RFC822 headers such as Subject. Enigmail users should already have such support read-only[Note:A] References: [MemoryHole] http://modernpgp.org/memoryhole/ https://wiki.gnupg.org/OpenPGPEmailSummit201607/MemoryHole Notes: [Note:A] to toggle it on encrypted subjects on sending you'd use extensions.enigmail.protectHeaders -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: accepting new members to (linux-)distros lists, (continued)
- Re: accepting new members to (linux-)distros lists Stiepan (Jul 01)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
- Re: accepting new members to (linux-)distros lists Stiepan (Jul 01)
- Re: accepting new members to (linux-)distros lists Mark Hatle (Jul 03)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
- Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 02)
- Re: accepting new members to (linux-)distros lists gremlin (Jul 03)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 03)
- Bugzilla implementation of OpenPGP and Memory Hole (Was: Re: [oss-security] accepting new members to (linux-)distros lists) Kristian Fiskerstrand (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
- Re: accepting new members to (linux-)distros lists Henri Salo (Jul 25)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)