www-infrastructure-dev mailing list archives

From Daniel Gruno <rum...@cord.dk>
Subject Secure submission of sensitive data to committees/entities
Date Wed, 23 Apr 2014 17:18:14 GMT
Hello, infra-dev lurkers,

As was seen in the latest board report (should be public in about a
month, if you're not on the infra ML), there was a request from several
people at ApacheCon for infra to create a tool that automates secure
submission of data of a sensitive nature to PMCs or other entities in
the foundation, and we'd like some feedback on this.

We have put up a solution for this at https://secsubmit.apache.org/ that
does the following:

1) Jane Doe has something sensitive she wishes to share with the PMC and
only the PMC (or another entity within the ASF)
2) Jane visits SecSubmit
3) Jane selects project Foo
4) Jane enters the data she'd like to send

5) The site fetches the PGP keys associated with members of this PMC
6) The site composes an email to the PMC/entity

7.a) The site encrypts this using the PGP keys and sends it to
private@foo.apache.org (or security@ if applicable)
7.b) In cases of security issues (exploits etc), the Apache Security
Team is also CC'ed and their keys are coupled in.
7.c) The site also informs the PMC/entity about the current PGP status
of the respective PMC/entity (how many have valid keys etc)

This process can already be done manually by anyone; this site simply
automates it, making it easier to send encrypted information to an
Apache entity.

Note: Currently, the submissions end up in my inbox; it is not enabled
for projects yet. We'd like some feedback before we activate the service
for the public. If you'd like to see the end result of a submission,
please ping me on #asfinfra, and I can flip some bits to make it land in
your inbox.

Also note that this is NOT a replacement for security@. If people use it
for submitting security flaws, so be it, but the original intent is to
make it easier to submit confidential information of any character to a
PMC or other entity in the ASF, whether it be a bug, someone dying of
cancer or what have you, and be assured that only the PMC can read it,
even in cases of compromised email transport or clients.

What do you think? Is this something you could imagine using (or imagine
others could use), or is it simply a waste of space?

If there are questions about how the current set-up works, I'd be happy
to explain it in more detail.

With regards,
Daniel.
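
Added example, not part of the original message and not SecSubmit's own code: a sketch of steps 5 to 7 that selects usable recipient keys, adds the security team's keys for security reports, builds the PMC key status line, and refuses to send when no PMC key is usable. The Member record, the function names, the expiry check and the sample fingerprints are assumptions; the gpg options shown are standard ones and the command is only constructed, not run.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional

@dataclass
class Member:
    name: str
    fingerprint: Optional[str]  # None: no PGP key on file
    expires: Optional[date]     # None: key has no expiry date

def usable(m: Member, today: date) -> bool:
    """A key can be encrypted to only if it exists and has not expired."""
    return m.fingerprint is not None and (m.expires is None or m.expires > today)

def plan_submission(project: str, pmc: List[Member], security_team: List[Member],
                    is_security: bool, today: date) -> dict:
    good = [m for m in pmc if usable(m, today)]
    if not good:
        # Fail closed: never fall back to sending the text unencrypted.
        raise ValueError(f"no usable PMC key for {project}; refusing to send")
    extra = [m for m in security_team if usable(m, today)] if is_security else []
    # Step 7.b: add the security team's keys; dedupe people who are in both groups.
    keys = list(dict.fromkeys(m.fingerprint for m in good + extra))
    # Step 7.c: key status report for the PMC.
    missing = [m.name for m in pmc if not usable(m, today)]
    status = f"{len(good)} of {len(pmc)} PMC members have a usable key"
    if missing:
        status += "; missing or expired: " + ", ".join(missing)
    # Step 7.a: one ciphertext, one --recipient per key, so each holder can decrypt.
    argv = ["gpg", "--armor", "--encrypt"]
    for k in keys:
        argv += ["--recipient", k]
    return {"to": f"private@{project}.apache.org", "keys": keys,
            "status": status, "gpg_argv": argv}

if __name__ == "__main__":
    # Constructed sample data: names and fingerprints are made up.
    pmc = [Member("alice", "A" * 40, None),
           Member("bob", "B" * 40, date(2013, 1, 1)),   # expired key
           Member("carol", None, None)]                 # no key on file
    sec = [Member("dave", "D" * 40, date(2015, 1, 1)),
           Member("alice", "A" * 40, None)]             # also on the PMC
    plan = plan_submission("foo", pmc, sec, True, date(2014, 4, 23))
    print(plan["to"], plan["status"], " ".join(plan["gpg_argv"]), sep="\n")
```
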
