Page MenuHomePhabricator

Add basic support for a "Must Encrypt" mail flag which prevents unsecured content transmission

Authored by epriestley on Feb 1 2018, 4:39 PM.



Ref T13053. See PHI291. For particularly sensitive objects (like security issues), installs may reasonably wish to prevent details from being sent in plaintext over email.

This adds a "Must Encrypt" mail behavior, which discards mail content and all identifying details, replacing it with a link to the /mail/ application. Users can follow the link to view the message over HTTPS.

The flag discards body content, attachments, and headers which imply things about the content of the object. It retains threading headers and headers which may uniquely identify the object as long as they don't disclose anyting about the content.

The bin/mail list-outbound command now flags these messages with a # mark.

The bin/mail show-outbound command now shows sent/suppressed headers and the body content as delivered (if it differs from the original body content).

The /mail/ web UI now shows a tag for messages marked with this flag.

For now, there is no way to actually set this flag on mail.

Test Plan
  • Forced this flag on, made comments and took actions to send mail.
  • Reviewed mail with bin/mail and /mail/ in the web UI, saw all content information omitted.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

  • Add a missing UI check before showing the tag on the detail view.
  • Spell "secure" in a more conventional way.
This revision is now accepted and ready to land.Feb 2 2018, 1:14 AM
This revision was automatically updated to reflect the committed changes.