Goal: allow interacting with the forge by email (trackers, project manager, forum, etc.)
Problem: need to be able to secure email (authentication & secrecy)
Means: GPG-sign/encrypt messages
- Users upload public key, even as part of account creation; fingerprint must be unique for active users, maybe not for pending/deleted ones (risk of DOS attack)
- Forge generates key pair
- Also generates/maintains keyring
- Automatically synchronise keyring from public keyservers?
- Signed mail is trusted as coming from the corresponding user. Require encryption too (forge-wide option)?
- extension to session_verify()? Could be session_login_valid(credentials) with credentials=array(login=>foo,password=>bar) or credentials=array(login=>foo,signed_message=>'-----BEGIN PGP...')
- Mail is sent signed (or not, forge-wide option), probably encrypted too (forge-wide/user-wide preference?)
- S/MIME as well as GPG?
- If so, then user certificates as authentication for the web part of the forge?
Added bonus: once the GPG keys are known, one could push them to SLS (secured Mailman), at least for those users who subscribe to lists using either their "real" address or their firstname.lastname@example.org address.
Back to the Roadmap