Break in Security Chain: Email Notifications
Description
GitLab offers a good and secure design:
- hosting data on-premise
- Git data transfer via SSH or HTTPS
- Accessing GitLab WebUI via HTTPS
- Setting access rights per group and project
- Confidential issues
- ...
Unfortunately there is a hole when it comes to external partners and customers: if an external partner or customer uses their company's or even a private email address, the secure chain of information flow is broken by the SMTP protocol. Many SMTP servers do not support encrypted server-to-server communication (STARTTLS), and where they do it is opportunistic and can be downgraded by an attacker on the path. Even if every relay supported it, GitLab cannot ensure that issue texts, code reviews and other confidential information are protected on every hop from GitLab to the end user's mail client.
These unencrypted emails may contain:
- release dates, release delays
- bugs, vulnerabilities, security issues
- classified code, classified values
- future product ideas
- ...
A solution is needed to:
- disable sending emails containing potentially classified information to GitLab users if secure email communication cannot be ensured.
- allow adding a user's public key so that GitLab can send encrypted and signed emails:
- S/MIME
- PGP / GPG
Proposal
- Add/implement S/MIME encryption.
- Allow a user to add their public S/MIME certificate to their account, so that GitLab can send encrypted email to that user.
- Allow an administrator to add an S/MIME certificate to GitLab, so that all encrypted emails can be signed with a matching signature for GitLab's email address (gitlab@company.com).
- Allow disabling, per server/group/project, the sending of critical information to users of another email domain. E.g. GitLab shouldn't send information to user1@acme.com, because it cannot ensure that company.com and acme.com communicate over encrypted SMTP sessions.
As PGP / GPG is an alternative to S/MIME, this encryption technique should be supported too.
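The following is an added example that is not GitLab code and does not reflect how GitLab implements notifications; it sketches the two proposal points above in Ruby using only the stdlib OpenSSL bindings. It assumes a hypothetical instance mail domain (company.com), a per-user store of registered S/MIME certificates, and a small throwaway CA that is generated on the fly (constructed for the example; a deployment would import real certificates). An external recipient without a certificate is blocked, an internal recipient without one gets plaintext (a policy choice, not a recommendation), and a recipient with a certificate gets a message signed with the instance certificate and then encrypted to their own.

```ruby
require 'openssl'

# Added example, not GitLab code. Models the proposal:
#  1. refuse to mail confidential content outside the instance's own domain
#     unless the recipient has registered an S/MIME certificate;
#  2. otherwise sign with the instance certificate and encrypt to the recipient.
# The CA and certificates below are generated on the fly (constructed).

INSTANCE_DOMAIN = 'company.com' # assumed mail domain of the GitLab instance

Decision = Struct.new(:kind, :payload) # kind: :blocked | :plaintext | :smime

# Issue a test certificate; self-signed CA when `ca:` is true, else signed by `issuer`.
def issue_cert(subject, key, issuer: nil, issuer_key: nil, ca: false)
  cert = OpenSSL::X509::Certificate.new
  cert.version = 2
  cert.serial = rand(1..(2**62))
  cert.subject = OpenSSL::X509::Name.parse(subject)
  cert.issuer = issuer ? issuer.subject : cert.subject
  cert.public_key = key.public_key
  cert.not_before = Time.now - 60
  cert.not_after = Time.now + 365 * 86_400
  ef = OpenSSL::X509::ExtensionFactory.new
  ef.subject_certificate = cert
  ef.issuer_certificate = issuer || cert
  if ca
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:TRUE', true))
    cert.add_extension(ef.create_extension('keyUsage', 'keyCertSign,cRLSign', true))
  else
    cert.add_extension(ef.create_extension('basicConstraints', 'CA:FALSE', true))
    cert.add_extension(ef.create_extension('keyUsage', 'digitalSignature,keyEncipherment', true))
    cert.add_extension(ef.create_extension('extendedKeyUsage', 'emailProtection', false))
  end
  cert.sign(issuer_key || key, OpenSSL::Digest.new('SHA256'))
  cert
end

class ConfidentialMailer
  # recipient_certs: { 'user@host' => OpenSSL::X509::Certificate } registered by users
  def initialize(instance_cert:, instance_key:, recipient_certs:, trusted_domains: [INSTANCE_DOMAIN])
    @cert = instance_cert
    @key = instance_key
    @recipient_certs = recipient_certs.transform_keys(&:downcase)
    @trusted_domains = trusted_domains.map(&:downcase)
  end

  # Decide how (or whether) a confidential notification may reach `to`.
  def build(to:, body:)
    address = to.downcase
    domain = address.split('@', 2).last.to_s
    if (rcpt_cert = @recipient_certs[address])
      Decision.new(:smime, sign_and_encrypt(body, rcpt_cert))
    elsif @trusted_domains.include?(domain)
      Decision.new(:plaintext, body) # internal domain: plaintext allowed (policy choice)
    else
      Decision.new(:blocked, "no S/MIME certificate for #{address} and #{domain} is not a trusted domain")
    end
  end

  private

  # Sign-then-encrypt: the signature sits inside the envelope, so a relay sees only ciphertext.
  def sign_and_encrypt(body, rcpt_cert)
    signed = OpenSSL::PKCS7.sign(@cert, @key, body, [], OpenSSL::PKCS7::BINARY)
    signed_mime = OpenSSL::PKCS7.write_smime(signed)
    enveloped = OpenSSL::PKCS7.encrypt([rcpt_cert], signed_mime,
                                       OpenSSL::Cipher.new('aes-256-cbc'), OpenSSL::PKCS7::BINARY)
    OpenSSL::PKCS7.write_smime(enveloped)
  end
end

# Recipient side: decrypt with the user's private key, then verify that the inner
# signature chains to a CA the recipient trusts for the GitLab sender.
def open_confidential_mail(message, rcpt_key, rcpt_cert, trusted_ca)
  enveloped = OpenSSL::PKCS7.read_smime(message)
  signed = OpenSSL::PKCS7.read_smime(enveloped.decrypt(rcpt_key, rcpt_cert))
  store = OpenSSL::X509::Store.new
  store.add_cert(trusted_ca)
  raise "signature rejected: #{signed.error_string}" unless signed.verify([], store)
  signed.data
end

def run_demo
  ca_key = OpenSSL::PKey::RSA.new(2048)
  ca = issue_cert('/CN=Example Mail CA', ca_key, ca: true)
  gl_key = OpenSSL::PKey::RSA.new(2048)
  gl_cert = issue_cert("/CN=GitLab/emailAddress=gitlab@#{INSTANCE_DOMAIN}", gl_key, issuer: ca, issuer_key: ca_key)
  user_key = OpenSSL::PKey::RSA.new(2048)
  user_cert = issue_cert('/CN=User One/emailAddress=user1@acme.com', user_key, issuer: ca, issuer_key: ca_key)

  mailer = ConfidentialMailer.new(instance_cert: gl_cert, instance_key: gl_key,
                                  recipient_certs: { 'user1@acme.com' => user_cert })
  body = "Confidential: release slips to Q3 (constructed sample)\n"
  encrypted = mailer.build(to: 'user1@acme.com', body: body)
  {
    external_with_cert: encrypted,
    external_without_cert: mailer.build(to: 'user2@acme.com', body: body),
    internal_without_cert: mailer.build(to: 'dev@company.com', body: body),
    decrypted_body: open_confidential_mail(encrypted.payload, user_key, user_cert, ca),
    relay_sees_plaintext: encrypted.payload.include?('release slips')
  }
end

puts run_demo.transform_values { |v| v.is_a?(Decision) ? v.kind : v } if $PROGRAM_NAME == __FILE__
```

Two caveats a deployment would have to add on top of this sketch: S/MIME protects only the MIME body, so the Subject line (which for notifications typically carries the issue or merge request title) and the other headers still travel in clear and must be kept generic for confidential content; and the recipient's registered certificate should be checked against the account's verified email address and its validity period before it is used, otherwise a stale or mismatched certificate silently produces mail nobody can read.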
Questions:
- What (other) possibilities exist?
Links / references
Related issues: