User talk:HighInBC/Mediawiki e-mail enchancement

Interesting but...
This is very interesting, but do we have a real problem with users making false claims about emails? JoshuaZ (talk) 02:53, 28 March 2008 (UTC)


 * It does come up from time to time. And once I was accused of sending an e-mail I did not. The person was either lying, or it was a spoofed e-mail. undefinedUntil  05:36, 28 March 2008 (UTC)

Why reinvent the wheel with a server-side dependence
Why not just use a digital signature? —Random832 (contribs) 03:12, 28 March 2008 (UTC)


 * Since we would want anyone to be able to authenticate and we would want it to just function with the normal Wikipedia email option it would need to be server side. JoshuaZ (talk) 03:16, 28 March 2008 (UTC)


 * I don't see why there would need to be any server-side storage, though - a form could be made that just verifies the signature on something pasted into it. And what i'm suggesting is _adding_ a digital signature to the normal wikipedia email option. —Random832 (contribs) 03:23, 28 March 2008 (UTC)
 * Hmm, wouldn't that require additional technical expertise on the people using the feature? JoshuaZ (talk) 03:34, 28 March 2008 (UTC)
 * For the people using emailuser? no, the signing would be done by the server. If a form is provided to verify the signature, users would just have to cut between the lines. (in fact, the presence of delimiting lines in e.g. the PGP format would prevent things from being fouled up by trailing newlines) —Random832 (contribs) 03:36, 28 March 2008 (UTC)
 * I think I get what you are saying. That does sound like a better protocol. JoshuaZ (talk) 03:46, 28 March 2008 (UTC)
 * I think random may have a point there. undefinedUntil  05:44, 28 March 2008 (UTC)

So, basically - in a similar form to your proposal - when sending a wikipedia e-mail, the e-mail will consist of two PGP signed messages: One whose content is basic information about the message (timestamp in UTC, sender username, recipient username), and one which is that plus the subject line and content of the message itself. —Random832 (contribs) 15:58, 28 March 2008 (UTC)


 * That is a better idea in that it does not require extra DB storage and still keeps all the advantages of the system I thought of. I will re-write my proposal with this new idea later if someone else does not beat me to it. undefinedUntil  16:01, 28 March 2008 (UTC)

Now the big questions:

DomainKeys Identified Mail (DKIM)
Look up DKIM. It provides most of the feature set that you suggest, in that it can determine that the sender of the email and the contents of the message have not been tampered with to a reasonable degree of certainty. Loren.wilton (talk) 01:57, 29 March 2008 (UTC)