Revision a1384f1c
Added by Marc Dequènes almost 16 years ago
- ID a1384f1c1d7097d973ba2565726cc9e608209aab
| TODO | ||
|---|---|---|
|
- handle incoming encrypted messages from user to receive sensitive data, and to sign replies -> postman would need a GPG key too
|
||
|
- ban keys from unknow users flooding -> counter, reseted when key added in DB
|
||
|
- protect against replay (foo resending eavesdropped mail) -> store message IDs, but how to limit to a reasonnable timeframe ?
|
||
|
- protect against intercepted mail with falsified headers (From/Reply-To/... could be tampered to get replies, reply tampered too, and then resent to avoid being detected)
|
||
Also available in: Unified diff
[fix] now is the TODO