User talk:HighInBC/Mediawiki e-mail enchancement

Interesting but...

This is very interesting, but do we have a real problem with users making false claims about emails? JoshuaZ (talk) 02:53, 28 March 2008 (UTC)

It does come up from time to time. And once I was accused of sending an e-mail I did not. The person was either lying, or it was a spoofed e-mail. (1 == 2)Until 05:36, 28 March 2008 (UTC)

Why reinvent the wheel with a server-side dependence

Why not just use a digital signature? —Random832 (contribs) 03:12, 28 March 2008 (UTC)

Since we would want anyone to be able to authenticate and we would want it to just function with the normal Wikipedia email option it would need to be server side. JoshuaZ (talk) 03:16, 28 March 2008 (UTC)
I don't see why there would need to be any server-side storage, though - a form could be made that just verifies the signature on something pasted into it. And what I'm suggesting is _adding_ a digital signature to the normal Wikipedia email option. —Random832 (contribs) 03:23, 28 March 2008 (UTC)
Hmm, wouldn't that require additional technical expertise on the people using the feature? JoshuaZ (talk) 03:34, 28 March 2008 (UTC)
For the people using emailuser? No, the signing would be done by the server. If a form is provided to verify the signature, users would just have to cut between the lines. (In fact, the presence of delimiting lines in e.g. the PGP format would prevent things from being fouled up by trailing newlines.) —Random832 (contribs) 03:36, 28 March 2008 (UTC)
I think I get what you are saying. That does sound like a better protocol. JoshuaZ (talk) 03:46, 28 March 2008 (UTC)
I think random may have a point there. (1 == 2)Until 05:44, 28 March 2008 (UTC)

So, basically - in a similar form to your proposal - when sending a Wikipedia e-mail, the e-mail will consist of two PGP signed messages: one whose content is basic information about the message (timestamp in UTC, sender username, recipient username), and one which is that plus the subject line and content of the message itself. —Random832 (contribs) 15:58, 28 March 2008 (UTC)

That is a better idea in that it does not require extra DB storage and still keeps all the advantages of the system I thought of. I will rewrite my proposal with this new idea later if someone else does not beat me to it. (1 == 2)Until 16:01, 28 March 2008 (UTC)
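
The two-part signed e-mail and the paste-in verification form discussed in this thread, as an added sketch that is not part of the original discussion and is not MediaWiki code. It swaps Ed25519 signatures from the Go standard library in for PGP; the delimiter lines, field labels, function names and sample values are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"fmt"
	"strings"
)

// Hypothetical delimiter lines, standing in for PGP armor lines.
const begin = "-----BEGIN WIKI SIGNED MESSAGE-----"
const mid = "-----BEGIN WIKI SIGNATURE-----"
const end = "-----END WIKI SIGNATURE-----"

// Throwaway demo key pair; a real server key would be long-lived and protected.
var demoPub, demoPriv, _ = ed25519.GenerateKey(nil)

func wrap(priv ed25519.PrivateKey, text string) string {
	sig := base64.StdEncoding.EncodeToString(ed25519.Sign(priv, []byte(text)))
	return strings.Join([]string{begin, text, mid, sig, end}, "\n")
}

// SignMail returns two signed blocks: metadata only, then metadata plus subject and content.
func SignMail(priv ed25519.PrivateKey, ts, from, to, subject, body string) (string, string) {
	meta := "Timestamp: " + ts + "\nFrom: " + from + "\nTo: " + to
	return wrap(priv, meta), wrap(priv, meta+"\nSubject: "+subject+"\n\n"+body)
}

// Verify is what the paste-in form would run. It cuts between the delimiter
// lines, so quoting or stray newlines outside them do not affect the result.
func Verify(pub ed25519.PublicKey, pasted string) (string, bool) {
	pasted = strings.ReplaceAll(pasted, "\r\n", "\n")
	i := strings.Index(pasted, begin+"\n")
	j := strings.Index(pasted, "\n"+mid+"\n")
	k := strings.Index(pasted, "\n"+end)
	textAt, sigAt := i+len(begin)+1, j+len(mid)+2
	if i < 0 || j < textAt || k < sigAt {
		return "", false // delimiters missing or out of order
	}
	sig, err := base64.StdEncoding.DecodeString(pasted[sigAt:k])
	if err != nil || !ed25519.Verify(pub, []byte(pasted[textAt:j]), sig) {
		return "", false
	}
	return pasted[textAt:j], true
}

func main() {
	_, full := SignMail(demoPriv, "2008-03-28T15:58:00Z", "ExampleSender", "ExampleRecipient", "Hi", "Constructed body.")
	fmt.Println(Verify(demoPub, "\n"+full+"\n\n")) // signed text, then true
}
```

Nothing is stored per message: the form needs only the server's public key and the pasted text. A body that itself contains the signature delimiter lines fails to verify in this sketch, whereas OpenPGP cleartext signatures dash-escape such lines.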

Now the big questions:

Does the community want this?

How do we go about implementing it?

DomainKeys Identified Mail (DKIM)

Look up DKIM. It provides most of the feature set that you suggest, in that it can determine that the sender of the email and the contents of the message have not been tampered with to a reasonable degree of certainty. Loren.wilton (talk) 01:57, 29 March 2008 (UTC)