Opened 11 years ago
Last modified 11 years ago
#230 new enhancement
zcrypt: Key file path discovery in message comment
| Reported by: | geofft@mit.edu | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | zephyr | Keywords: | |
| Cc: |
Description
It'd be pretty nifty to allow provisioning a zcrypt class by saying "sub to this class", and having the first message to that class specify what key file to use. We could put a header before BEGIN PGP MESSAGE that included the path to the key. Then you could just tell people "sub to this class", and not require them to mess with .crypt-table manually (and instead update that file automatically).
In general, leaking the key path is not a concern, since filesystem ACLs protect the key itself. (We probably want to not do this by default, still and make this an advertise option.)
One possible area of concern, although unlikely, is that it should be easy to recover from someone sending a message there with an intentionally-wrong key path.
Change History (1)
comment:1 Changed 11 years ago by adehnert@mit.edu
- Component changed from internals to zephyr
