Open
Bug 943052
Opened 11 years ago
Updated 10 years ago
Implement the ability to verify signed emails to authenticate the sender
Categories
(Bugzilla :: Incoming Email, enhancement)
Bugzilla
Incoming Email
Tracking
()
NEW
People
(Reporter: LpSolit, Unassigned)
Details
email_in.pl lets you create and update bugs by email, but we currently have no authentication mechanism to verify that the sender is really who he pretends to be. This means that many public installations probably don't use email_in.pl to avoid spam/impersonation. We should allow users to upload their public PGP key (via the web interface!) so that Bugzilla can later verify that the sender of the incoming email is really the one he pretends to be. A parameter could control how email_in.pl works: accept all incoming emails or only signed ones or nothing (disabled).
Reporter | ||
Comment 1•11 years ago
|
||
We could use Crypt::OpenPGP. It's a pity it has so many dependencies, though.
Reporter | ||
Comment 2•10 years ago
|
||
For compatibility with the bmo's SecureMail extension, we should add the profiles.public_key column, of type LONGTEXT. This doesn't mean we must accept strings which are 16 MB long. :)
You need to log in
before you can comment on or make changes to this bug.
Description
•