[asterisk-users] Security communication dilemma: your help needed
Tzafrir Cohen
tzafrir.cohen at xorcom.com
Fri Jan 9 15:36:24 CST 2009
On Fri, Jan 09, 2009 at 04:05:01PM -0500, John Todd wrote:
>
>
> Dilemma: Digium will sometimes receive requests to send GPG-encrypted
> mail dealing with security issues. This works somewhat poorly for
> email role accounts where there are multiple recipients on a single
> address. If there exists a better way to do this that doesn't involve
> a lot of customization, let me know and we'll see if it will do the
> right thing, otherwise we'll continue with the functional but somewhat
> awkward current method.
>
> Current procedure: An individual will reply back, and create a 1:1
> signed exchange with the original correspondent. Then, the Digium
> staffer will relay the data (with relevant GPG keys) to each other
> Digium staff member who may be involved.
>
> Desired procedure: A public key signature method would be publicly
> available via an SSL web page or various keyservers. Individuals
> could sign messages with the public key. Signed messages sent to
> "security@" would then be decrypted, and re-encrypted with the
> security@ key and sent to the small list of end recipients. Any
> recipients who replied back to the message would have the process
> happen in reverse, and also have copies of the reply sent (encrypted)
> to the other members of this email "exploder" as well as the external
> author.
The output of this is a keyring, that you can later import to your own
personal keyring. See also the Debian package debian-maintainers for a
slightly different approach.
--
Tzafrir Cohen
icq#16849755 jabber:tzafrir.cohen at xorcom.com
+972-50-7952406 mailto:tzafrir.cohen at xorcom.com
http://www.xorcom.com iax:guest at local.xorcom.com/tzafrir