Mailing List Archive

Speading WKD: Adding WKD sending for password resets/reminders
Moin,
quite a few software package use email as a way to confirm an account or a
password reset. Sometimes this even has a temporary password or pin.

With WKD there is a good pubkey to just automatically encrypt.
So if we build this into package, like Mailman, WKD users will get some extra
benefit. Okay, it is just a little bit of extra security, but why not?

(An idea coming up at the Intevation lunch table. ;) )

Best Regards,
Bernhard

--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabr?ck, DE; Amtsgericht Osnabr?ck, HRB 18998
Gesch?ftsf?hrer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
Re: Speading WKD: Adding WKD sending for password resets/reminders [ In reply to ]
On 04.03.2020 10:15, Bernhard Reiter wrote:
> With WKD there is a good pubkey to just automatically encrypt.
> So if we build this into package, like Mailman, WKD users will get some extra
> benefit. Okay, it is just a little bit of extra security, but why not?

Yep, this is definitely a good idea!

I proposed something similar to GitLab: when provisioning the account
with e-mail address automatically fetch GPG keys. Also: derive SSH keys
from GPG authentication subkeys.

WKD has a lot of underutilized potential ;)

The issue link:

https://gitlab.com/gitlab-org/gitlab-foss/issues/48751

Kind regards,
Wiktor

--
https://metacode.biz/@wiktor