[Fwd: Bugmail is less secure than Bug views]
gerv at mozilla.org
Mon Jun 11 16:18:59 UTC 2007
This is an email forwarded with permission from the Mozilla security
group mailing list, on the subject of the fact that Bugzilla access is
now SSL-protected, but bugmail is still transmitted in the clear.
-------- Original Message --------
Subject: Bugmail is less secure than Bug views
Date: Mon, 11 Jun 2007 18:50:56 +0300
From: timeless <timeless at gmail.com>
Reply-To: timeless at gmail.com
To: security-group <security-group at mozilla.org>
Ben Bucksch wrote:
> We already use SSL for bugzilla, so it's hard to get to that.
Gervase Markham wrote:
> Except that every comment is sent out as unsecured bugmail. There is no
> immediate prospect of changing this.
At some point we (myself, a Bugzilla developer, and gerv also) should
consider how to approach this.
One thing would be to have bugmails simply be envelopes indicating bug
changes to secure bugs. another would be to enable users to associate
SMIME/PGP keys with Bugzilla and ask it to SMIME encrypt mail to them.
-- That's the opt in approach. (kinda like the old days where https:
for Bugzilla was optional)
The Bugzilla I'm using commercially ostensibly requires connections
between itself and recipient SMTP servers be secured (and it's somehow
assumed that all mail that arrives at recipient servers is then
-- That's a mandatory approach. (kinda like today where https: for
Bugzilla is required)
It would be nice if the security group at some point gave input about
which path would be preferred. Or how to make such a path.
Note: irc.mozilla.org now has ircs support, and +z which enables you
to require everyone joining a channel use an SSL tunnel (and the
security group uses this feature). So given that we use SSL for real
time communication and for general security views, we probably should
look getting bugmail to a similar level.
Security-group mailing list
Security-group at mozilla.org
More information about the developers