RFC: fully secure SMTP connection for "hg email"
Matt Mackall
mpm at selenic.com
Mon Mar 18 16:59:52 CDT 2013

On Mon, 2013-03-18 at 15:53 -0500, Kevin Bullock wrote:
> On Mar 18, 2013, at 3:11 PM, Matt Mackall wrote:
>
> > On Mon, 2013-03-18 at 01:42 +0900, FUJIWARA Katsunori wrote:
> >> 3. do nothing any more in Mercurial
> >>
> >> for fully secure SMTP connection, users should use some external
> >> tools supporting STARTTLS/SMTPS with valid cacerts
> >>
> >> it should bore users, especially on Windows (for limited/un-easy
> >> options)
> >
> > Here are the possible things a MITM attacker can do here:
> >
> > a) tamper with an email
> > b) blackhole an email
> > c) read a secret email
> > d) forge an email
> > e) intercept SMTP auth login credentials (for plain auth modes)
> >
> > But if we presume MITM capability, we can usually do (a) through (c) on
> > the insecure delivery side of the SMTP server instead. And of course, we
> > don't need MITM at all for (d).
> >
> > So I would rate (a) through (d) as "meh". These are the sort of things
> > we're supposed to use GPG for (there's a good little project for
> > someone).
>
> GSoC project? :)

I don't think it's quite big enough for a whole GSoC project, but I can
see "improved signing support" as a possibility.

We have two incompatible signature extensions at the moment, and neither
of them sees much use. It's also hard to see how they'll work with
evolve.

--
Mathematics is the supreme nostalgia of our time.