[rt-users] GPG Auto Key Retrieval

Kevin Falcone falcone at bestpractical.com
Wed Jul 31 11:45:27 EDT 2013


On Tue, Jul 30, 2013 at 04:34:04PM -0400, Christopher Costa wrote:
>    Thanks for that explanation of what's going on behind the scenes. I will try to test the
>    inbound email shortly.
> 
>    In any case, it sounds like I'll have to think up some other ideas. Our users occasionally
>    need to communicate (via RT) with people who aren't themselves users of RT, and who didn't
>    initiate the communication with an inbound email, so I don't think we would be able to rely
>    100% on the inbound fetching of keys.
> 
>    Would there be any interest in considering that extra functionality for a future release if I
>    were to submit a feature request?

The code in question is being massively refactored for merge into the
master branch in git, so any work would want to be done after that.

I'm not sure how much effort it would be, but you can certainly file a
bug for your feature.

-kevin

>    On Tue, Jul 30, 2013 at 3:36 PM, Kevin Falcone <[1]falcone at bestpractical.com> wrote:
> 
>      On Tue, Jul 30, 2013 at 02:19:29PM -0400, Christopher Costa wrote:
>      > It looks as if testing inbound email to RT might not be a simple chore in my environment
>      so
>      > for now I'm going to focus on outbound email. I do have debug logging enabled. Is there is
>      > someplace else worth looking? Am I misunderstanding how auto key retrieval is supposed to
>      work
>      > with outbound mail?
> 
>      RT calls gpg --list-public-keys [2]bob at example.com which I don't think
>      fetches automatically. I think that only happens during the encrypt.
> 
>      Most of the time this is a non-issue because the verification when
>      mail enters the system *does* fetch.
> 
>      In order to work around this, RT would need to add a bunch of fetch
>      keys logic, which unfortunately was explicitly not-in-scope when this
>      was implemented for RT 3.8.0.
> 
>      Also, testing inbound email should be pretty trivial, even if you
>      can't glue all the parts together.
> 
>      Take a signed email in a text file and run:
> 
>      /opt/rt4/bin/rt-mailgate --queue General --url htt://[3]foo.com --action correspond < email
> 
>      -kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 235 bytes
Desc: not available
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20130731/45316a02/attachment.pgp>


More information about the rt-users mailing list