Konfidi Mail Clients: Difference between revisions

m (Reverted edits by Js5Dxz (Talk); changed back to last version by DaveBrondsema)
(remove openpgp-specific stuff)
 
Line 1: Line 1:
== Available Clients ==
== Available Clients ==
* procmail: [[Install cli-filter|cli-filter]]
* [[Setup_SpamAssassin|SpamAssassin]]
* thunderbird: ''not available (yet)''
* Thunderbird: ''not available (yet)''
* outlook: ''not available (yet)''
* Outlook: ''not available (yet)''
* ...
* ...


Line 9: Line 9:
* Adhere to the RFC 2822, RFC 2440, RFC 1847, and RFC 3156 [[Specifications#Documents | specifications]]
* Adhere to the RFC 2822, RFC 2440, RFC 1847, and RFC 3156 [[Specifications#Documents | specifications]]
* Allow the user to configure:
* Allow the user to configure:
** the source (i.e. recipient's) PGP fingerprint, used in queries
** the source's (i.e. recipient's) identity, used in queries
** the trustserver to use
** the trustserver to use
** trustserver options
** trustserver options
** OpenGPG executable to use
* Authenticate the sender of the email
* Remove any pre-existing headers that Konfidi clients should add (see table below).
* Request a trust value computation from a trustserver, and add the appropriate headers and/or filter the email based on the value
* Only handle messages that are <code>Content-Type: multipart/signed</code> with two parts, the second of which is <code>Content-Type: application/pgp-signature</code>
** On failure, stop processing.  Should set <code>X-PGP-Signature: none</code>
* Validate the PGP signature
** On failure, stop processing.  Should set <code>X-PGP-Signature:</code> to an appropriate value specified below.
* Validate that the <code>From:</code> email address is listed in the public key used to create the signature.
** On failure, stop processing.  Should set <code>X-PGP-Signature: from mismatch</code>
* Request a trust value computation from a trustserver, and add the appropriate headers (see below) and/or filter the email based on the value
 
 
=== Clients should: ===
* Add the following headers
<table border="1" cellspacing="0">
<tr><th>Header</th><th>Values</th></tr>
 
<tr><td>X-PGP-Signature:</td>
<td>One of:
* <code>none</code>
* <code>valid</code>
* <code>invalid, ${gpg error text}</code>
* <code>public key not available</code>
* <code>from mismatch</code>
</td></tr>
 
<tr><td>X-PGP-Fingerprint:</td>
<td>The full 40-character PGP fingerprint.  Omit if <code>X-PGP-Signature: none</code></td></tr>
 
<tr><td>X-Konfidi-Email-Rating:</td>
<td>A decimal number between 0-1, inclusive.  Value is to be retrieved from a trustserver</td></tr>
 
<tr><td>X-Konfidi-Email-Level:</td>
<td>0-10 asterisks (e.g. <code>****</code>)</td></tr>
 
<tr><td>X-Konfidi-Client:</td>
<td>The name and version of the client (e.g. <code>cli-filter 0.1</code>)</td></tr>
</table>
 
=== Clients may: ===
* Set the source PGP fingerprint to the user's valid private key's fingerprint, unless it has been already specified by the user or the user has multiple valid private keys.
* Handle signed and encrypted messages, in a manner consistent with the handling of signed and unencrypted messages.
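
Review bot: The retained requirement "add the appropriate headers and/or filter the email based on the value" no longer has anything to refer to, because this revision drops both the header table and the step "Remove any pre-existing headers that Konfidi clients should add". Without the strip step, the spec no longer requires a client to discard an X-Konfidi-Email-Rating or X-Konfidi-Email-Level header that was already present on the incoming message, so a downstream filter cannot tell a client-computed rating from one supplied by the sender. Suggest keeping the strip step and the scheme-neutral rows (X-Konfidi-Email-Rating, X-Konfidi-Email-Level, X-Konfidi-Client) on this page, and moving only the X-PGP-* rows and the signature checks to an OpenPGP-specific page. The unchanged first bullet also still cites RFC 2440 and RFC 3156, which are OpenPGP documents, so it is worth deciding whether they belong in a spec whose edit summary says the OpenPGP-specific material was removed.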

Latest revision as of 09:22, 26 January 2008

Available Clients

  • SpamAssassin
  • Thunderbird: not available (yet)
  • Outlook: not available (yet)
  • ...

Specification

Clients must:

  • Adhere to the RFC 2822, RFC 2440, RFC 1847, and RFC 3156 specifications
  • Allow the user to configure:
    • the source's (i.e. recipient's) identity, used in queries
    • the trustserver to use
    • trustserver options
  • Authenticate the sender of the email
  • Request a trust value computation from a trustserver, and add the appropriate headers and/or filter the email based on the value