[Fwd: Bugmail is less secure than Bug views]
Jason Pyeron
jpyeron at pdinc.us
Wed Jun 13 19:10:14 UTC 2007
From: developers-owner at bugzilla.org [mailto:developers-owner at bugzilla.org]
On Behalf Of Gervase Markham
Jason Pyeron wrote:
> It has been a while since I have worked with S/MIME, it is really simple
> stuff. There should be no need to depend on any new CPAN modules. Just
find
> a package that you can suck into bz and modify it to play nice.
>
> What about*: http://www.mozilla.org/projects/security/pki/nss/smime/
>
> * I have note read the code, but the text seems to fit.
For one thing, that requires all the keys to be stored in an NSS-style
database. I had hoped we could find something that worked like this:
$encryped_message = encrypt($message, $key);
with $key being whatever was pasted in plain text form into the "Insert
Key Here" textbox on the profile page.
What I was saying, was to do just that, absorb the core S/MIME part that
does the mime parsing and sign/encryption.
Then each/any user would add their x509 public cert in their profile select
encrypt or sign on all messages
send(encrypt(sign(msg,bz.prvkey),user.pubkey))
Or
sign(msg,bz.prvkey)
There really is nothing to it, I just wish I had more time.
More information about the developers
mailing list