Open Bug 348592 Opened 18 years ago Updated 8 years ago

consider smime signing bugmail

Categories

(Bugzilla :: Email Notifications, enhancement, P5)

2.20
enhancement

Tracking

()

People

(Reporter: timeless, Unassigned)

Details

i know this is pretty silly, but i have reasons.

could someone investigate whether it would be possible for bugzilla-daemon's mail to be signed?

by signed, I mean SMIME, not PGP/GPG, my mail clients don't support random plugins, nor do I have any control over my mail clients. The idea is to make it possible for standard mail apps to indicate that they can affirm that mail from bugzilla-daemon is really from bugzilla-daemon.
bmo can't do it until Bugzilla supports it.  I'm not aware that this feature exists in Bugzilla.
Assignee: justdave → email-notifications
Component: Bugzilla: Other b.m.o Issues → Email Notifications
OS: SunOS → All
Product: mozilla.org → Bugzilla
QA Contact: myk → default-qa
Hardware: PC → All
Version: other → 2.20
Priority: -- → P5
The security landscape has changed a lot since 2006.  I think it would be useful to not only be able to sign outgoing messages, but also encrypt messages for security bugs.

Here's a proposal for how this might work:
- Add a way to configure a public/private key pair for the Bugzilla server (for signing).
- Add a per-user configuration option to provide a public key in their profile.
- Add a per-component option to either sign or encrypt outgoing messages.  (This may cause messages not to be sent for email addresses who don't have a public key on file, for example.)
You need to log in before you can comment on or make changes to this bug.