monero-project / meta

A Meta Repository for General Monero Project Matters

Monero Research Lab e-mail addresses #150

Closed b-g-goodell closed 6 years ago

b-g-goodell commented 6 years ago

Sarang and I (and any future researchers) should have Monero Research Lab e-mail addresses.

anonimal commented 6 years ago

Should the same apply to lead devs too? I personally don't like all of my reliance on i2pmail.org (or any other non-monero) account but, in acquiring new emails, would this open up new attack vectors?

b-g-goodell commented 6 years ago

Apply to devs? Yes, I think so. I would just be rerouting the formal email address to an account I would be likely to use anyway.

New attack vector? I suppose! If my monero email address is compromised, the attackers could spoof who I am with it, etc. But we have our own forums for funding, etc, and it wouldn't be inserting any attack vectors that weren't already inserted by the forum... (imo... I'm open to changing my view, though).

michaesc commented 6 years ago

Michael requests a getmonero.org email address, useful when speaking at events or to journalists.

Since SMTP is so easy to manipulate, I don't think new attack vectors associated with email addresses should be considered a game changer. Instead, they should be considered along the lines of social engineering, which only requires weak use of signatures to succeed. Does that make sense?

serhack commented 6 years ago

Social engineering is a very common attack for email. Does getmonero.org have a firewall for spam?

michaesc commented 6 years ago

Hi there @danrmiller! Unless there is ongoing debate about this, please configure an address (same as my forum, taiga, mattermost, and other name 'Michael') for me:

michael@getmonero.org

...and indicate (private or public) which server credentials (protocol, port, host...) to use. The only thing left to decide is how to configure secrets on the authentication server (SASL or whatever) and my client. Do you have a standard way of doing this?

My S/MIME and GPG information is online:

http://michael.schloh.com/contact.html

https://pgp.mit.edu/ (Key 1024D/52859ED3)

danrmiller commented 6 years ago

@michaesc I don't handle the current email for getmonero.org. It's probably fluffypony.

fluffypony commented 6 years ago

@danrmiller did we not move it over to Zoho? Whoops...I think I may have dreamt that we finished doing that🤦🏻‍♂️

Let's do the Zoho move in the next week and make sure we set up all the groups / forwarders as they currently are, then we're golden.

michaesc commented 6 years ago

Was the Zoho move completed, and let's make the next step with mail configuration if Zoho is complete?

michaesc commented 6 years ago

@danrmiller Are you able to administer services on the Zoho (whatever that is)? I believe the move has been completed, since this bug report is almost 2 months old. It's possible there's information that needs to be exchanged, hostnames and usernames?

danrmiller commented 6 years ago

No, @fluffypony and I will have to catch up to work this out.

danrmiller commented 6 years ago

This is complete and fluffypony will be in contact to get you set up. Otherwise you can find me as pigeons on freenode.

b-g-goodell commented 6 years ago

Great!