Comment 0 for bug 316272
Revision history for this message
| Martin Pool (mbp) wrote launchpad should verify gmail authenticators | #0 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
73416ba
(Get the code!)
A fair number of Launchpad users use gmail. This works fine, except that it is not so easy to use gpg to sign your mail.
However, gmail has pretty strong assurance that the sender owns the account, and it puts data in to the headers that should make it possible to verify that the mail is authentic.
So when I send mail from <email address hidden>, and that address is associated with my Launchpad account, Launchpad should just trust the mail as if it were signed.
gmail is arguably the key example but we could apply this to other cases where we trust the sending domain.