From: sup@chrislee.dhs.org (Chris Lee)
Subject: [sup-talk] GPG Support
Date: Thu, 17 May 2007 17:24:11 -0400
Message-ID: <D55C81AD71647428E7B489B6@Sumatra.local>

Jeff,

GPG support is coming along nicely right now. There are some shortcomings in
my speedy implementation that I need feedback on.

1. If all email addresses of an email have keys, then, and only then, do I
   encrypt the email
   - this means if you have highly sensitive info, and you miskey an
     address, whoops it goes out unencrypted
   * I need a way to know if the user wants to encrypt and/or sign an email
     and then alert him/her if I don't have all the required keys.
2. I don't sign any email right now :(
3. There is no mechanism to look up keys from keyservers (e.g., --recv-key)
   * We'll probably need a separate Manager to handle this
4. The sources.yaml file is pgp encrypted now. However, it'd be nice to
   extend protections to non-pgp users. Should I use openssl to encrypt the
   config file and then have the pgp password(s) in there?
5. I only use one GPG private key, which is not tied to the sending address
   (it's specified in config.yaml). This should be easy to fix if I store all
   the passphrases in an encrypted file.
   * Do you need this feature?
6. You'll have to encrypt your sources.yaml file manually before the first
   time you launch sup with pgp support.
   * add :gpgkey: to config.yaml
       :accounts:
       :default:
       :name: Chris Lee
       :signature: /Users/chris/.signature
       :sendmail: /usr/local/bin/esmtp -t
       :email: 3v1l at n0spz.net
       :alternates: []
       :gpgkey: 14E44DBF
   * gpg -a -e -r yourself sources.yaml
   * cp sources.yaml.asc sources.yaml
   * rm sources.yaml.bak
   * is there a better way to do this transition?
7. This totally breaks sup-add, sup-sync, and anything else that reads
   sources.yaml right now
   * this should also be easy to fix

Chris
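
The encrypt-only-if-every-recipient-has-a-key behaviour from item 1, next to a fail-closed variant that alerts instead of downgrading. This is an added example, not code from the message or from sup; the function names, the MissingKeys class and the keyring sample are hypothetical and constructed for illustration.

```ruby
# Added example, not sup's code. All names here are hypothetical.
# KEYRING is constructed sample output in `gpg --list-keys --with-colons`
# layout: field 2 = validity, field 10 = user ID. Key IDs are made up.
KEYRING = <<~COLONS
  pub:u:1024:17:AAAAAAAA11111111:1179400000:::u:::scESC:
  uid:u::::1179400000::CONSTRUCTED1::Alice Example <alice@example.org>:
  pub:e:1024:17:BBBBBBBB22222222:1100000000:1150000000::-:::sc:
  uid:e::::1100000000::CONSTRUCTED2::Bob Example <bob@example.org>:
COLONS

# Validity codes that make a key unusable for encryption:
# i = invalid, d = disabled, r = revoked, e = expired.
UNUSABLE = %w[i d r e].freeze

class MissingKeys < StandardError; end

# Returns { "addr" => true } for every address with a usable public key.
def usable_addresses(colons)
  pub_ok = false
  colons.each_line.with_object({}) do |line, found|
    f = line.chomp.split(":")
    case f[0]
    when "pub" then pub_ok = !UNUSABLE.include?(f[1])
    when "uid"
      addr = f[9].to_s[/<([^>]+)>/, 1]
      found[addr.downcase] = true if addr && pub_ok && !UNUSABLE.include?(f[1])
    end
  end
end

# :opportunistic reproduces item 1: encrypt only when every recipient has a
# key, otherwise fall back to plaintext (and report who is missing).
# :required is the fail-closed variant: the user asked for encryption, so a
# missing key stops the send instead of silently downgrading it.
def encryption_plan(recipients, keyed, mode)
  missing = recipients.map(&:downcase).reject { |r| keyed[r] }
  return { encrypt: true, missing: [] } if missing.empty?
  raise MissingKeys, "no usable key for: #{missing.join(', ')}" if mode == :required
  { encrypt: false, missing: missing }
end
```

With :required, a mistyped address or an expired key stops the send and names the recipients to fix, rather than letting the message leave in plaintext.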