This shows you the differences between two versions of the page.
Next revision | Previous revision Next revision Both sides next revision | ||
userdoc:remail [2019-12-09 18:19] mricon created |
userdoc:remail [2019-12-09 19:11] mricon |
||
---|---|---|---|
Line 3: | Line 3: | ||
Remail was written to sidestep the hard-to-solve problem of sending encrypted mail to multiple people, some of whom may prefer to use GnuPG, some PGP from Symantec, while others use S/MIME from coroprate-issued CAs that are not in universal CA trust stores. | Remail was written to sidestep the hard-to-solve problem of sending encrypted mail to multiple people, some of whom may prefer to use GnuPG, some PGP from Symantec, while others use S/MIME from coroprate-issued CAs that are not in universal CA trust stores. | ||
- | Remail accepts both S/MIME and PGP-encrypted email sent to a single address, decrypts it on the back-end, and then recrypts to individual list subscribers using whichever is their preferred scheme for email encryption. | + | Remail accepts both S/MIME and PGP-encrypted email sent to a single address, decrypts it on the back-end, and then recrypts it to individual list subscribers using whichever is their preferred scheme for exchanging encrypted email. |
+ | |||
+ | For more information on this project, please see the [[https://git.kernel.org/pub/scm/linux/kernel/git/tglx/remail.git/|official Remail git repository]]. | ||
+ | |||
+ | ===== Remail at kernel.org ===== | ||
+ | |||
+ | Kernel.org uses remail for discussions that need to happen around coordinated response to embargoed security vulnerabilities. The service itself runs on a dedicated VM inside a private cloud cluster that has no direct access from the Internet -- it can only be accessed via the VPN used by IT operations personnel. Any administrative access to that internal remail system requires 2-factor authentication. Any off-site backups performed on that system are PGP-encrypted with a unique symmetric key before they are uploaded to external storage. | ||
+ | |||
+ | ==== Logging ==== | ||
+ | |||
+ | For transparency purposes, conversations exchanged between parties using encrypted email are logged on the internal remail system in order to provide a sanitized public discussion archive once embargoes are lifted. | ||
+ | |||
+ | ==== Requesting a remail list ==== | ||
+ | |||
+ | If you would like to request your own remail list, please contact [[helpdesk@kernel.org]]. | ||