Re: [exim] accepting email authenthicating on GPG/PGP signat…

Author: Viktor Dukhovni
Date:  
To: exim-users
Subject: Re: [exim] accepting email authenthicating on GPG/PGP signature
On Mon, Mar 03, 2014 at 05:58:49PM +0100, Leonardo Boselli wrote:

> Is it possible to authenticate the acceptance of e-mail based on the
> GPG signature, that is, every message has a GPG signature; if the
> message is signed by someone that is in the public keyring of the MTA,
> and the signature is verified, it is accepted, else it is refused?


Is the intent specifically to ensure that all mail is signed, or
merely to authenticate the sender (in lieu of SASL AUTH)?

Mere signature of content is not sufficient to authenticate the
intention to transmit the envelope, so it would be unwise to attempt
to replace SASL with content GPG. If you want asymmetric keying
for authentication, TLS client certs would be a better approach.

Of course if the intent is in fact to make sure that all mail is
signed by an authorized sender, then in addition to SASL authentication,
you can implement a filter that performs a GPG content signature
check.

-- 
    Viktor.
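
Added example, not part of the original message and not Exim code: a sketch of the decision such a content filter could make, requiring both a SASL-authenticated sender and a valid signature from a key authorized for that login. The `AUTHORIZED` mapping, the function names and the placeholder fingerprint are assumptions; the status keywords are the ones GnuPG writes with `--status-fd`.

```python
import subprocess

# Constructed mapping: SASL login -> OpenPGP primary-key fingerprints
# allowed to sign mail submitted under that login (placeholder value).
AUTHORIZED = {"alice": {"A" * 40}}

# Status keywords that mean the signature must not be trusted.
FAILURES = {"BADSIG", "ERRSIG", "EXPSIG", "EXPKEYSIG", "REVKEYSIG"}

def run_gpg_verify(sig_path, data_path, keyring):
    """Check a detached signature; return GnuPG's machine-readable status."""
    proc = subprocess.run(
        ["gpg", "--batch", "--no-default-keyring", "--keyring", keyring,
         "--status-fd", "1", "--verify", sig_path, data_path],
        stdout=subprocess.PIPE, stderr=subprocess.DEVNULL, text=True)
    return proc.stdout

def signer_fingerprints(status_text):
    """Primary-key fingerprints of valid signatures.

    Returns an empty set as soon as any failure keyword is seen, so a
    message carrying one good and one bad signature is rejected.
    """
    found = set()
    for line in status_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "[GNUPG:]":
            continue
        if fields[1] in FAILURES:
            return set()
        if fields[1] == "VALIDSIG" and len(fields) >= 3:
            # Field 2 is the signing (sub)key; the last VALIDSIG field,
            # when present, is the primary key's fingerprint.
            fpr = fields[11] if len(fields) > 11 else fields[2]
            found.add(fpr.upper())
    return found

def accept(sasl_user, status_text, authorized=AUTHORIZED):
    """Accept only SASL-authenticated mail signed by a key bound to that login."""
    if sasl_user is None:          # envelope was never authenticated
        return False
    allowed = authorized.get(sasl_user, set())
    return bool(signer_fingerprints(status_text) & allowed)
```

Matching on the full fingerprint from `VALIDSIG`, rather than on the gpg exit code or the short key ID in `GOODSIG`, keeps expired or revoked keys and key-ID collisions from passing the check.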