On Sat, Dec 1, 2018 at 2:10 PM Anthony DeRobertis wrote: > That honestly sounds like building a parallel system with at least as > much complexity as gpg,
Such a system already exists, so it would presumably not have to be built from scratch. https://freerelay.err.no/ Systems that only allow mail to be sent when it is signed via OpenPGP are usually much more limited in scope. The only ones I'm aware of are changes@db.d.o for updating LDAP via OpenPGP-signed messages, *-a@lists.d.o for restricting announcement lists to Debian members and perhaps things like schleuder. > just to prevent a largely non-existent problem > (forged emails — the whole thread has been about its possible, but no > reports of it happening). Of course, gpg is also a better (from a > security standpoint) and more widely-supported solution. Which is > already deployed in Debian. My suggestion was to combat brute-force attacks against SMTP auth passwords leading to spammers sending mail from the debian.org MXen and getting Debian banned from sending mail to most of the SMTP servers on the Internet. This suggestion only improves a small part of the existing discussion about domain-based email authentication. > Though, for the record, it appears both Mutt and Thunderbird support TLS > client certificates. Thanks for that data point. > Or you could just require strong passwords :-/ We do not rely on passwords for uploading to the archive or logging into debian.org machines with SSH and I think the same should apply to as many debian.org authentication systems as possible. In 2018, it is many years past time to stop using passwords in general (with exceptions for things like local auth and local encryption). -- bye, pabs https://wiki.debian.org/PaulWise
