[rt-devel] RT3: mail UTF-8 automatic conversion and GPG verification

Jesse Vincent jesse at bestpractical.com
Thu Aug 14 18:29:38 EDT 2003



On Fri, Aug 15, 2003 at 12:23:25AM +0200, Guillaume Perral wrote:
> Maybe the signature verification could be done on the MDA side (rt-mailgate) 
> which then pass information passed to RT via an additionnal parameter. This 
> solution needs to make modifications in rt-mailgate, 
> /REST/1.0/NoAuth/mail-gateway, RT::EmailParser and RT::Interface::Email...

I believe this would leave you vulernable to third-parties injecting
falsely valid messages between rt-mailgate and the  REST API

> Another way is to keep a copy of the original MIME::Entity during the 
> authentication process, but it can be painful with large attachements...
>
> Yet another solution is to make the UTF-8 conversion *after* authentication 
> phase. I don't know if and how this could make things going bad, if it ever 
> did.

It might result in butchered user-names in creation. But that could be
compensated for. I'd like autrijus input on this potential change. It
sounds the most reasonable


> 
> Anyone ?
> 
> Thanks,
> -- 
> _______________________________________________
> rt-devel mailing list
> rt-devel at lists.fsck.com
> http://lists.fsck.com/mailman/listinfo/rt-devel
> 

-- 
http://www.bestpractical.com/rt  -- Trouble Ticketing. Free.



More information about the Rt-devel mailing list