Dilemma: Digium will sometimes receive requests to send GPG-encrypted mail dealing with security issues. This works somewhat poorly for email role accounts where there are multiple recipients on a single address. If there exists a better way to do this that doesn't involve a lot of customization, let me know and we'll see if it will do the right thing, otherwise we'll continue with the functional but somewhat awkward current method.
Current procedure: An individual will reply back, and create a 1:1 signed exchange with the original correspondent. Then, the Digium staffer will relay the data (with relevant GPG keys) to each other Digium staff member who may be involved. Desired procedure: A public key signature method would be publicly available via an SSL web page or various keyservers. Individuals could sign messages with the public key. Signed messages sent to "security@" would then be decrypted, and re-encrypted with the security@ key and sent to the small list of end recipients. Any recipients who replied back to the message would have the process happen in reverse, and also have copies if the reply sent (encrypted) to the other members of this email "exploder" as well as the external author. Summary: Has anyone implemented a "B2BUA" for GPG-signed email? JT --- John Todd email:[email protected] Digium, Inc. | Asterisk Open Source Community Director 445 Jan Davis Drive NW - Huntsville AL 35806 - USA direct: +1-256-428-6083 http://www.digium.com/ _______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
