Project

General

Profile

« Previous | Next » 

Revision 960c259e

Added by Marc Dequènes over 15 years ago

  • ID 960c259e23a88e40cbcfd210fbc8cc052eb7bb5a

[evol] handle incoming encrypted messages

View differences:

TODO
- handle incoming encrypted messages from user to receive sensitive data, and to sign replies -> postman would need a GPG key too
- sign mail replies
- ban keys from unknow users flooding -> counter, reseted when key added in DB
- protect against replay (foo resending eavesdropped mail) -> store message IDs, but how to limit to a reasonnable timeframe ?
- protect against intercepted mail with falsified headers (From/Reply-To/... could be tampered to get replies, reply tampered too, and then resent to avoid being detected)
- check "protocol" field in "Content-Type" for received signed/encrypted mails

Also available in: Unified diff