oss-sec mailing list archives
Bugzilla implementation of OpenPGP and Memory Hole (Was: Re: [oss-security] accepting new members to (linux-)distros lists)
From: Kristian Fiskerstrand <k_f () gentoo org>
Date: Mon, 3 Jul 2017 15:37:38 +0200
[Changing subject as it has likely gone too off target with the previous one] On 07/03/2017 02:35 PM, Kristian Fiskerstrand wrote:
On 07/02/2017 10:58 PM, Anthony Liguori wrote:On Jul 2, 2017 1:38 PM, "Kristian Fiskerstrand"<k_f () gentoo org> wrote:The immediate thought that springs to mind is the [lack of OpenPGP support in bugzilla] which makes it difficult to ensure confidentiality unless disabling all email warnings.I would just assume all email is disabled. I don't know of a tool that does this right so for security sensitive things, I think disabling email notification is a best practice.It wouldn't take much to have a tool that does, mainly what I outline in the previous post to ensure OpenPGP keyblock management for the individual users, and as an extension of the scope for that perhaps a [MemoryHole] implementation to ensure confidentiality / integrity verification of the RFC822 headers such as Subject. Enigmail users should already have such support read-only[Note:A]
Just to add that when I say read only here it goes to the encrypted subject aspect of things (as, perhaps, inferred from the note). Enigmail should already, by default, use MemoryHole for signed messages in OpenPGP/MIME mode, which should be visible as a separate first MIME part e.g of this email. -- Kristian Fiskerstrand OpenPGP keyblock reachable at hkp://pool.sks-keyservers.net fpr:94CB AFDD 3034 5109 5618 35AA 0B7F 8B60 E3ED FAE3
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- Re: accepting new members to (linux-)distros lists, (continued)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 02)
- Re: accepting new members to (linux-)distros lists Mark Hatle (Jul 03)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 02)
- Re: accepting new members to (linux-)distros lists Anthony Liguori (Jul 02)
- Re: accepting new members to (linux-)distros lists gremlin (Jul 03)
- Re: accepting new members to (linux-)distros lists Kristian Fiskerstrand (Jul 03)
- Bugzilla implementation of OpenPGP and Memory Hole (Was: Re: [oss-security] accepting new members to (linux-)distros lists) Kristian Fiskerstrand (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
- Re: accepting new members to (linux-)distros lists Solar Designer (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 03)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)
- Re: accepting new members to (linux-)distros lists Henri Salo (Jul 25)
- Re: accepting new members to (linux-)distros lists John Haxby (Jul 25)