GnuPG Encrypted outgoing topic notification emails

Hello,

We switched our encrypted mailing list to a Discourse forum with no regret. Thanks for the great work!

When we switched to Discourse (obviously forcing https usage), we agreed to disable email notifications to prevent the sending of information without encryption. However, now, we miss email notifications :slight_smile:

Would it be possible to implement GnuPG encryption only for outgoing topic notification emails? Our only threat model is passive eavesdropping.

Someone already started a topic about that (then the topic was closed):

(even if I disagree about the signature stuff which add complexity for a low-value)

Do you think a lot of hacks are needed to complete this feature? Or even a ruby newbie could implement it?

Thanks!

1 Like

The topic you reference got closed because it was in the “marketplace”; to keep things manageable, topics get “expired” out of that category periodically.

As far as implementation goes, I doubt this would go into core any time soon (there’s a lot of more important features to add for general use), but I could definitely see it as a useful niche for a plugin. There might be a few hooks that need to be added to core in order for the plugin to catch the e-mails at just the right point in the processing chain and decrypt/encrypt, but I wouldn’t think it’d be out of the reach, technically, of a suitably motivated individual.

5 Likes