[tor-bugs] #12536 [BridgeDB]: BridgeDB e-mails should be encrypted when possible
Tor Bug Tracker & Wiki
blackhole at torproject.org
Sun Jul 6 15:38:22 UTC 2014
#12536: BridgeDB e-mails should be encrypted when possible
--------------------------+--------------------------------------------
Reporter: andrea | Owner: isis
Type: defect | Status: closed
Priority: normal | Milestone:
Component: BridgeDB | Version:
Resolution: wontfix | Keywords: bridgedb-email, bridgedb-2.0.x
Actual Points: | Parent ID:
Points: |
--------------------------+--------------------------------------------
Changes (by isis):
* keywords: => bridgedb-email, bridgedb-2.0.x
* cc: isis, sysrqb (added)
* status: new => closed
* resolution: => wontfix
Comment:
So... as much as I would love to offer this feature, it's not safe to have
the server which has the BridgeDB databases on it parse arbitrary OpenPGP
packets, due to the complication of the specification of those packets and
the fact that no implementation of RFC4880 yet-to-date has followed the
spec (they've all diverged from it in slightly different incompatible
ways).
For a different version of what you're asking for, see ticket #9332. This
feature would not extend to general users, however. Perhaps if/when the
email distributor runs on a separate machine, then we can safely consider
implementing this feature. For now, I won't do it because it risks giving
an adversary access to the entire bridge database.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12536#comment:2>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list