digital signature tests
2004-02-01 18:04:39 GMT
Has anyone (recently) given any thought to using crypto / digital signature evaluations in procmail tests? It's getting harder to send attachments around - one of the first lines of defense in the ongoing mydoom virus response was bouncing zip files.

A system or mail hub based procmail, delivering mail, could test incoming messages with mime info & look for smime types or pgp mime types. The mail hub procmail could test signatures against either a local key ring or large scale keyring (*gp), or list of known trusted CA roots (smime), or a list of trusted email certificates (smime).

Possible configuration: messages that have valid signatures might be passed to the user (or scored more generously -- virus checks and other evaluations might still override). Certain kinds of failures could be rejected without further consideration, and others might be quarantined for evaluation. This could also be used to automatically construct a whitelist. Could also be used to generate a white list (send me a signed email - certificate or pgp pub key put in my whitelist db).

I am pretty sure this is all do-able; has anyone been experimenting with it? Some of it seems like a natural fit for the anti-virus scanners.
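
The MIME-type test described in the post above, as an added example that is not part of the original message: a Python filter that a procmail recipe could pipe a message through. The function names, the verifier result strings and the mapping from result to action are assumptions; the signature check itself (gpg, openssl) is left to an external verifier.

```python
import email
import sys

PGP_SIG = "application/pgp-signature"
SMIME_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
SMIME_OPAQUE = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def signature_kind(raw: bytes) -> str:
    """Classify a message as 'pgp', 'smime' or 'none' from its MIME structure."""
    msg = email.message_from_bytes(raw)
    for part in msg.walk():  # walk() also reaches signed parts nested in multipart/mixed
        ctype = part.get_content_type()
        if ctype == "multipart/signed":
            proto = str(part.get_param("protocol") or "").lower()
            if proto == PGP_SIG:
                return "pgp"
            if proto in SMIME_SIG:
                return "smime"
        elif ctype in SMIME_OPAQUE:
            # enveloped-data is encryption only; only signed-data carries a signature
            if str(part.get_param("smime-type") or "").lower() == "signed-data":
                return "smime"
    return "none"

def disposition(kind: str, verify_result: str) -> str:
    """Map a verifier outcome to an action (this mapping is an assumption).

    verify_result is what a hypothetical external verifier reported:
    'valid', 'bad_signature' or 'unknown_signer'.
    """
    if kind == "none":
        return "normal"       # unsigned: usual spam/virus checks only
    if verify_result == "valid":
        return "favor"        # score generously; virus checks may still override
    if verify_result == "bad_signature":
        return "reject"       # signature present but does not match the content
    return "quarantine"       # unknown key or untrusted CA: hold for evaluation

def sample(content_type: str) -> bytes:
    """Constructed test message with the given Content-Type header."""
    return ("From: a@example.org\r\nMIME-Version: 1.0\r\n"
            "Content-Type: %s\r\n\r\n--b\r\nContent-Type: text/plain\r\n\r\n"
            "hi\r\n--b--\r\n" % content_type).encode()

if __name__ == "__main__":
    # e.g. from a procmail recipe: pipe the message in, read the kind on stdout
    print(signature_kind(sys.stdin.buffer.read()))
```

A signature type in the headers says nothing about validity, so the kind alone should only route the message to the matching verifier, never raise its score.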