Security/Security Bugs/EncryptedBugmail: Difference between revisions

Secure Mail will soon be turned on for bugs in the "Security-Sensitive Core Bug" group in Mozilla's [https://bugzilla.mozilla.org Bugzilla]. This bug group includes all reported client security issues that are not web-related. Specifically, this is for general platform, JavaScript engine, Firefox, and Thunderbird code.


This will change the default Bugzilla email notification for bugs in the "Security-Sensitive Core Bug" group to a message saying only that a bug has changed, with no details except for a link to the bug. In order to receive the same bug details for security bugs as for normal bugs, Bugzilla users will need to install a PGP-compatible public key or an S/MIME key in Bugzilla.
 
There is basic information on Secure Mail [https://bugzilla.mozilla.org/page.cgi?id=securemail/help.html available] on Bugzilla that explains some of the functionality.


== Frequently Asked Questions (FAQ) ==


=== 1. Why are we making this change? ===


=== 2. How can I upload a Public Key? ===


Load your [https://bugzilla.mozilla.org/userprefs.cgi?tab=securemail Secure Mail preferences tab] for Bugzilla. This tab has a textarea where you can enter your PGP/GPG public key or S/MIME certificate.


=== 3. What if I take no action? ===


If you do not upload an encryption key and a bug in a secure group is updated, you will receive a notification that the bug has changed, but no details of the change. To view the details, you will need to follow the link in the e-mail and view the bug on Bugzilla.
Additionally, without uploading a key, you will not be able to reset your Bugzilla password over e-mail since the mail cannot be encrypted. You will require the assistance of an administrator for password resets.


=== 4. I don't want to see these emails anymore, how do I turn them off? ===


You can change your preferences for when you wish Bugzilla to send you mail in your [https://bugzilla.mozilla.org/userprefs.cgi?tab=email Email Preferences tab] for your Bugzilla preferences. This contains a variety of settings for when Bugzilla should send you email and for the components you are watching.
=== 5. How do I make a PGP/GPG public key or get an S/MIME certificate? ===
PGP/GPG keys have the advantage of being completely free to create but the disadvantage of being somewhat cumbersome to set up and use in comparison to S/MIME.
You can read a [http://www.madboa.com/geek/gpg-quickstart/ Quickstart for GPG] or the [http://enigmail.mozdev.org/documentation/gpgsetup.php.html one written by the Enigmail team].
You can obtain an S/MIME certificate from a number of providers. You can [https://www.startssl.com/?app=12 get a free one from StartCom] or [https://www.verisign.com/digital-id/index.html?tid=gnps pay Verisign] for one. Once you have it, [https://www.startssl.com/?app=25#52 export it from your browser] as a .p12 file and import it into your mail client. S/MIME Keys must be in PEM format - i.e. Base64-encoded text, with the first line containing BEGIN CERTIFICATE. In order to upload it to Bugzilla, you will need to convert the certificate to a .pem file.
If you have OpenSSL installed, one way is as follows:

 openssl pkcs12 -in certificate.p12 -out certificate.pem -nodes

The resulting .pem file is plain text and you can get your key out of it to be added to Bugzilla.
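
What to take from that .pem file, as an added example that is not part of the original page: with <code>-nodes</code> the file holds your unencrypted private key next to the certificate, and only the BEGIN CERTIFICATE block belongs in Bugzilla. The function names are illustrative and the sample bundle is constructed, with placeholder base64.

```shell
# Added example, not from the original page; function names are illustrative.
# `openssl pkcs12 ... -nodes` writes the certificate AND the unencrypted
# private key to certificate.pem. Only the CERTIFICATE block gets uploaded.
# Print the first CERTIFICATE block of a PEM file and nothing else.
extract_cert() {
    awk '
        /^-----BEGIN CERTIFICATE-----$/ { in_cert = 1 }
        in_cert                         { print }
        /^-----END CERTIFICATE-----$/   { if (in_cert) exit }
    ' "$1"
}

# Exit 0 if the file holds any PEM private key block (RSA, EC, PKCS#8, ...).
has_private_key() {
    grep -Eq '^-----BEGIN ([A-Z]+ )*PRIVATE KEY-----' "$1"
}

# Write the upload-ready certificate to $2; fail if none is found.
prepare_upload() {
    bundle=$1; out=$2
    chmod 600 "$bundle"          # the bundle contains a cleartext key
    extract_cert "$bundle" > "$out"
    [ -s "$out" ] || { echo "no certificate in $bundle" >&2; return 1; }
    if has_private_key "$out"; then
        echo "refusing: $out contains a private key" >&2; return 1
    fi
}

# Constructed sample shaped like pkcs12 -nodes output; base64 is placeholder.
make_sample_bundle() {
    cat > "$1" <<'EOF'
Bag Attributes
    friendlyName: constructed sample
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
UExBQ0VIT0xERVItTk9ULUEtUkVBTC1LRVk=
-----END PRIVATE KEY-----
subject=CN = user@example.invalid
-----BEGIN CERTIFICATE-----
UExBQ0VIT0xERVItTk9ULUEtUkVBTC1DRVJU
SUZJQ0FURS1TQU1QTEU=
-----END CERTIFICATE-----
EOF
}

demo=$(mktemp -d)
make_sample_bundle "$demo/certificate.pem"
prepare_upload "$demo/certificate.pem" "$demo/upload.pem" && cat "$demo/upload.pem"
rm -rf "$demo"
```

OpenSSL's <code>-clcerts -nokeys</code> options to <code>pkcs12</code> write only the client certificate, so the private key never reaches the output file at all.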
=== 6. Where can I get more information on setting this up for my mail client? ===
If you are using Thunderbird, you can run [http://enigmail.mozdev.org/home/index.php.html Enigmail], a Thunderbird extension, to read GPG-encrypted e-mail. Basic setup instructions for it are [http://enigmail.mozdev.org/documentation/basic.php.html here].
If you are using OS X's Mail.app, you can use [http://www.gpgtools.org/gpgmail/index.html GPGMail], a GPG-compatible add-on.
Ars Technica has [http://arstechnica.com/apple/guides/2011/10/secure-your-e-mail-under-mac-os-x-and-ios-5-with-smime.ars published an article] on adding S/MIME certificates to Mail.app and iOS devices (and there is another article [http://blog.riobard.com/2010/05/18/sign-encrypt-email here] as well).
LuxSci FYI has an [http://luxsci.com/blog/installing-smime-and-pgp-encryption-certificates-into-major-email-clients.html article] on configuring Outlook and other email clients to use S/MIME and GPG as well.