Decision - Allow key upload only from set of domains? #40

Closed
opened 2021-11-02 11:50:10 +01:00 by muppeth · 5 comments
Owner

Currently you can upload keys from any domain you wish, as long as you manage to verify that you own the email address through the verification mail sent upon upload of the key. Perhaps for the scope of the project we should have an option to limit the number of domains you can submit keys from.
Generally I would allow only domains that are tied to the mail server, so basically give only the users of the server the possibility to upload keys.

muppeth added this to the mailgate web improvements milestone 2021-11-02 11:50:10 +01:00
muppeth added the FEEDBACK label 2021-11-02 11:50:10 +01:00
muppeth self-assigned this 2021-11-02 11:50:10 +01:00
pfm was assigned by muppeth 2021-11-02 11:50:10 +01:00
antilopa was assigned by muppeth 2021-11-02 11:50:10 +01:00
Owner

What would be cons and pros of both solutions?

Author
Owner

Pros would be:

  • People could upload keys if we use lacre also as a public key server
  • (untested) people could upload their keys to the server so all outgoing email addressed to them, even if they aren't on that server, would be encrypted (that means that even if the person that sends the email wouldn't have your key, it would get encrypted on the server level)

Cons:

  • At this stage that could be potentially abused
  • People could be uploading keys and forgetting about them when the key is revoked etc.

Coming to think of it, now that I wrote it down, perhaps that feature would be more useful than I initially thought :). Uploading your key to the server even if you aren't on it would guarantee all emails originating from the server and addressed to you to be encrypted.

Author
Owner

After a few days of thinking about it I came to the conclusion that leaving it as is is a good idea. Since key upload needs to be verified, it means you can't really abuse it. In a later stage we should perhaps introduce preventing key uploads from domains not on the permitted list as an option in the web interface. Additionally, once we have the Roundcube plugin for upload of keys, one could simply disable the web interface, which means only Roundcube users could submit keys and therefore only authenticated users could submit keys, and only for their own email addresses.

Collaborator

Conclusion from the 2022-01-10 meeting: perhaps a configuration option would be a solution? Administrators would decide whether they want to limit domains or not.

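The configurable domain restriction proposed in the meeting conclusion above, as an added example in Python (not Lacre's own code; the function names and the comma-separated option format are assumptions). An empty allowlist keeps today's behaviour, and matching is on the whole domain so that a suffix such as `notexample.org` is not admitted by an entry for `example.org`:

```python
# Added example, not part of Lacre: an allowlist check for verified key uploads.
# Assumed option format: a comma- or whitespace-separated list of domains, where
# an empty value means "no restriction" (the current behaviour of the web UI).
from typing import Iterable, List, Optional


def parse_allowlist(raw: str) -> List[str]:
    """Parse 'example.org, mail.example.net' into a list of domains."""
    return [d for d in raw.replace(",", " ").split() if d]


def normalise_domain(domain: str) -> str:
    """Lower-case and drop a trailing dot so 'Example.ORG.' matches 'example.org'."""
    return domain.strip().rstrip(".").lower()


def email_domain(address: str) -> Optional[str]:
    """Return the normalised domain of a single user@domain address, else None."""
    local, sep, domain = address.strip().rpartition("@")
    # Reject missing '@', empty local part or domain, and a second '@' in the local part.
    if not sep or not local or not domain or "@" in local:
        return None
    return normalise_domain(domain)


def upload_permitted(address: str, allowed_domains: Iterable[str]) -> bool:
    """Decide whether a verified address may upload a key.

    The decision is made on the exact domain, never on a suffix match, so
    an allowlist containing 'example.org' admits neither 'notexample.org'
    nor the subdomain 'sub.example.org' unless they are listed explicitly.
    """
    domain = email_domain(address)
    if domain is None:
        return False
    allowed = {normalise_domain(d) for d in allowed_domains if d.strip()}
    if not allowed:  # option unset: accept any verified address, as today
        return True
    return domain in allowed


if __name__ == "__main__":
    allowlist = parse_allowlist("example.org, mail.example.net")
    for addr in ("alice@example.org", "bob@notexample.org", "carol@sub.example.org"):
        print(addr, "->", "allowed" if upload_permitted(addr, allowlist) else "rejected")
```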
Author
Owner

Issue created on FE repo: Lacre/lacre-web#4 (https://git.disroot.org/Lacre/lacre-web/issues/4)