This shows you the differences between two versions of the page.
Next revision | Previous revision | ||
userdoc:remail [2019-12-09 18:19] mricon created |
userdoc:remail [2020-05-08 14:56] (current) mricon |
||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ~~REDIRECT>https://korg.docs.kernel.org/remail.html~~ | ||
+ | |||
====== Encrypted email using ReMail ====== | ====== Encrypted email using ReMail ====== | ||
- | Remail was written to sidestep the hard-to-solve problem of sending encrypted mail to multiple people, some of whom may prefer to use GnuPG, some PGP from Symantec, while others use S/MIME from coroprate-issued CAs that are not in universal CA trust stores. | + | Remail was written to sidestep the hard-to-solve problem of sending encrypted mail to multiple people, some of whom may prefer to use GnuPG, some PGP from Symantec, while others use S/MIME from corporate-issued CAs that are not in universal CA trust stores. |
+ | |||
+ | Remail accepts both S/MIME and PGP-encrypted email sent to a single address, decrypts it on the back-end, and then re-encrypts it to individual list subscribers using whichever is their preferred scheme for exchanging encrypted email. | ||
+ | |||
+ | For more information on this project, please see the [[https://git.kernel.org/pub/scm/linux/kernel/git/tglx/remail.git/|official Remail git repository]]. | ||
+ | |||
+ | ===== Remail at kernel.org ===== | ||
+ | |||
+ | Kernel.org uses remail for discussions that need to happen around coordinated response to embargoed security vulnerabilities. The service itself runs on a dedicated VM inside a private cloud cluster that has no direct access from the Internet -- it can only be accessed via the VPN used by IT operations personnel. Any administrative access to that internal remail system requires 2-factor authentication. Any off-site backups performed on that system are PGP-encrypted with a unique symmetric key before they are uploaded to external storage. | ||
+ | |||
+ | ==== Logging ==== | ||
+ | |||
+ | For transparency purposes, conversations exchanged between parties using encrypted email are logged on the internal remail system in order to provide a sanitized public discussion archive once embargoes are lifted. | ||
+ | |||
+ | ==== Requesting a remail list ==== | ||
+ | |||
+ | If you would like to request your own remail list, please contact [[helpdesk@kernel.org]]. | ||
- | Remail accepts both S/MIME and PGP-encrypted email sent to a single address, decrypts it on the back-end, and then recrypts to individual list subscribers using whichever is their preferred scheme for email encryption. | ||