lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <Y6w/RL2yq16ijWQC@spud>
Date:   Wed, 28 Dec 2022 13:06:12 +0000
From:   Conor Dooley <conor@...nel.org>
To:     Bagas Sanjaya <bagasdotme@...il.com>
Cc:     corbet@....net, Conor Dooley <conor.dooley@...rochip.com>,
        broonie@...nel.org, konstantin@...uxfoundation.org,
        linux-doc@...r.kernel.org, linux-kernel@...r.kernel.org,
        jstrauss@...lbox.org, alobakin@...lbox.org
Subject: Re: [PATCH v1] Documentation: process: Document suitability of
 Proton Mail for kernel development

+CC Joe & Alexander, who were the ones that had the problem.

On Wed, Dec 28, 2022 at 07:33:53PM +0700, Bagas Sanjaya wrote:
> On 12/28/22 07:03, Conor Dooley wrote:
> > +
> > +Proton Mail
> > +***********
> > +
> > +Proton Mail has a "feature" where it looks up keys using Web Key Directory
> > +(WKD) and encrypts mail to any email recipients for which it finds a key.
> > +Kernel.org publishes the WKD for all developers who have kernel.org accounts.
> > +As a result, emails sent using Proton Mail to kernel.org addresses will be
> > +encrypted.
> > +Unfortunately, Proton Mail does not provide a mechanism to disable the
> > +automatic encryption, viewing it as a privacy feature.
> > +This affects mail sent from their web GUI, from other mail clients using their
> > +mail "bridge", as well as patches sent using ``git send-email``.
> > +Unless a way to disable this "feature" is introduced, Proton Mail is unsuited
> > +to kernel development.
> 
> All mails sent via Proton Mail SMTP relay?

I'm not quite sure what the purpose of your question is, sorry.
When I say "bridge", I mean their program by the same name:
https://proton.me/mail/bridge
When I was using proton, I do not recall being able to send mail using
proton without the bridge, their web GUI or their app.
Perhaps Joe or Alexander are aware of anything that's changed in the
last year.

> Also, why is sending encrypted emails
> to public mailing lists (like LKML) not a good idea?

Is that a real or rhetorical question?
Note that the public mailing list *does not* receive the encrypted
copies of the emails.

Thanks,
Conor.


Download attachment "signature.asc" of type "application/pgp-signature" (229 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ