Short update...

On 2025-06-10 21:42:10, Antoine Beaupré via tor-project wrote:
> Summary: GitLab now encrypts outgoing email notifications on
> confidential issues, if your key is in LDAP; OpenPGP keys stored in
> GitLab will be used soon.

[...]

> ## Future work
>
> ### OpenPGP certificates in GitLab
>
> Right now, only "LDAP keys" (technically, the OpenPGP certificates
> `account-keyring.git` project) are considered for encryption.
>
> Only mail delivered to `@torproject.org` is considered as well.
>
> In the future, we hope to implement a GitLab API lookup that will
> allow other users to upload OpenPGP certificates through GitLab to
> use OpenPGP encryption for outgoing mail.
>
> This has not been implemented yet because implementing the current
> backend was vastly easier, but we still hope to implement the GitLab
> backend.

I have walked back this idea. GitLab API lookups are vastly more
complicated than just using the current keyring. At this point, I
consider, again, that the best course of action to implement this is
to natively implement this in GitLab and stop bolting on hacks on top
of it.

> ### OpenPGP signatures
>
> Mails are currently encrypted, without signature, which is [actually
> discouraged][]. We are considering signing outgoing mail, but this
> needs to be done carefully because we must handle yet another secret,
> rotation, expiry and so on.
>
> [actually discouraged]: https://www.ietf.org/archive/id/draft-ietf-lamps-e2e-mail-guidance-17.html#name-avoid-offering-encrypted-on
>
> This means, among other things, that the OpenPGP messages do not
> provide any sort of authentication that the message really comes from
> GitLab. It's still entirely possible for an attacker to introduce
> "fake" GitLab notifications through this system, so you should still
> consider notifications to be advisory. The source of truth here is the
> GitLab web interface.
>
> OpenPGP signatures were seen as not absolutely necessary for a first
> implementation of the encryption system, but may be considered in the
> future. Note that we do *not* plan on implementing signatures for
> *all* outgoing mail at the time.

OpenPGP signatures were, however, implemented. The signing key is
available through WKD in "direct mode", and is attached to this
message.

I have resolved the related issue about this work, but feedback is
still welcome!

https://gitlab.torproject.org/tpo/tpa/gitlab/-/issues/151

A.

-- 
Antoine Beaupré
torproject.org system administration
Attachment:
git@gitlab.torproject.org-public.key
Description: application/pgp-keys
Attachment:
signature.asc
Description: PGP signature
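The post says the signing key is published through WKD in direct mode. As an added example (not part of the post, nor of Tor's tooling), the Python below computes the WKD lookup URLs a recipient would fetch to obtain such a key; it assumes the notification sender address is `git@gitlab.torproject.org` (inferred from the attachment name above) and, going beyond the post, also builds the WKD "advanced method" URL.

```python
import hashlib
from urllib.parse import quote

# z-base-32 alphabet as used by the OpenPGP Web Key Directory draft
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as unpadded z-base-32, five bits per output character."""
    bits = "".join(f"{byte:08b}" for byte in data)
    # right-pad the bit string so the final group is a full five bits
    bits += "0" * (-len(bits) % 5)
    return "".join(ZBASE32_ALPHABET[int(bits[i:i + 5], 2)]
                   for i in range(0, len(bits), 5))


def wkd_hash(local_part: str) -> str:
    """WKD 'hashed user id': SHA-1 of the lowercased local part, z-base-32 encoded (32 chars)."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return the direct-method and advanced-method WKD URLs for a mail address."""
    local_part, domain = address.rsplit("@", 1)
    domain = domain.lower()
    digest = wkd_hash(local_part)
    # the 'l' query parameter carries the local part exactly as written
    query = "?l=" + quote(local_part, safe="")
    return {
        "hash": digest,
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{digest}{query}",
        "advanced": (f"https://openpgpkey.{domain}/.well-known/openpgpkey/"
                     f"{domain}/hu/{digest}{query}"),
    }


if __name__ == "__main__":
    # assumed sender address of the GitLab notifications (see attachment name)
    for name, value in wkd_urls("git@gitlab.torproject.org").items():
        print(f"{name}: {value}")
```

GnuPG performs the same lookup with `gpg --locate-external-keys <address>`; compare the fingerprint of the fetched key with the attached one before relying on signatures it makes.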
_______________________________________________
tor-project mailing list -- tor-project@xxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to tor-project-leave@xxxxxxxxxxxxxxxxxxxx