[tor-bugs] #10989 [BridgeDB]: bridgedb should use starttls for outgoing mails
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Mar 6 18:39:44 UTC 2014
#10989: bridgedb should use starttls for outgoing mails
---------------------------+------------------------------------------------------
     Reporter:  arma        |      Owner:  isis
         Type:  enhancement |     Status:  assigned
     Priority:  major       |  Milestone:
    Component:  BridgeDB    |    Version:
   Resolution:              |   Keywords:  bridgedb-email, bridgedb-gsoc-application
Actual Points:              |  Parent ID:
       Points:              |
---------------------------+------------------------------------------------------
Changes (by isis):
* status: new => assigned
* owner: => isis
* keywords: => bridgedb-email, bridgedb-gsoc-application
* priority: normal => major
Comment:
Sysrqb, if I recall correctly, you looked into this at the 2014 Winter
meeting... did you discover anything notable?

I do not recall off the top of my head if emails sent out from BridgeDB are
sent through Postfix, or directly sent from the `bridgedb.EmailServer`
module.

If the latter, the code in Twisted and pyOpenSSL for inspecting the state
of a TLS handshake is rather gruesomely opaque, as I
[https://gitweb.torproject.org/ooni-probe.git/blob/HEAD:/ooni/nettests/experimental/tls_handshake.py found
while writing a test for it in ooni]. That said, perhaps this could be a
very large undertaking, or possibly parts of that ooni code I wrote could
be used (I tried to write large parts of the callbacks in a generalised
fashion so that I'd never have to deal with this pain ever ever again).

Perhaps we should ''force'' SSL/TLS (we shouldn't be supporting any email
providers who don't provide SSL anyway), and refuse to send the email if
the handshake does not succeed?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10989#comment:3>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
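
The fail-closed behaviour proposed in the comment above, as an added example (not BridgeDB's code and not part of the original ticket): a sender built on Python's standard `smtplib` instead of Twisted, which withholds the message when STARTTLS is not offered or the handshake fails. The names `send_mail_tls_only`, `TLSRequiredError` and `fake_plaintext_server` are hypothetical, and the localhost peer is constructed test input.

```python
import smtplib
import socket
import ssl
import threading


class TLSRequiredError(Exception):
    """The message was withheld because a verified TLS session was not established."""


def send_mail_tls_only(host, port, msg, context=None, helo_name=None, timeout=10):
    """Deliver msg only inside a verified STARTTLS session; otherwise send nothing."""
    context = context or ssl.create_default_context()  # checks cert chain and hostname
    with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=timeout) as smtp:
        smtp.ehlo()
        # No STARTTLS on offer (or stripped in transit): never fall back to cleartext.
        if not smtp.has_extn("starttls"):
            raise TLSRequiredError("server did not advertise STARTTLS")
        try:
            smtp.starttls(context=context)
        except (ssl.SSLError, smtplib.SMTPException) as exc:
            raise TLSRequiredError(f"TLS handshake failed: {exc}") from exc
        smtp.ehlo()  # re-read capabilities inside the encrypted session
        smtp.send_message(msg)


def fake_plaintext_server(received):
    """Constructed test peer: an SMTP server on localhost that never offers STARTTLS."""
    srv = socket.create_server(("127.0.0.1", 0))

    def serve():
        conn, _ = srv.accept()
        with conn, conn.makefile("rb") as lines:
            conn.sendall(b"220 test.invalid ESMTP\r\n")
            for line in lines:
                received.append(line.split()[0].decode().upper())  # log the SMTP verb
                if received[-1] == "QUIT":
                    conn.sendall(b"221 bye\r\n")
                    break
                # Capability list without STARTTLS, as a stripping middlebox would show.
                conn.sendall(b"250-test.invalid\r\n250 8BITMIME\r\n")
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]
```

Calling `send_mail_tls_only("127.0.0.1", fake_plaintext_server(log), msg)` raises `TLSRequiredError`, and `log` shows the peer saw only `EHLO` and `QUIT`, never `MAIL` or `DATA`.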