Skip to content
Learn more about Mattermost for Microsoft Teams »

I suggest you ...

← General

Add GPG signed and encrypted notifications (end to end)

As administrator I want to restrict notification messages sent from my self-hosted mattermost server to be GPG signed and encrypted.

That means, if a user hasn't uploaded a GPG public key to his account, notifications sent to him only contain some metadata or nothing at all.
If a user has uploaded a GPG public key, then the notification message is encrypted for him as receiver, so only he can read it.
The notification message shall be signed in any case with the private key that I configured in my mattermost server.

Motivation: transport layer security between the mattermost server and clients is a great thing for transfering confidential information, however, if the receiver happens to be offline/away and notifications are configured to contain the content of the message it results in a leak of this sensitive information because the data lands in plain text on foreign mail servers.

8 votes
Vote

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
You have left! (?) (thinking…)
tumbleweed shared this idea  ·   ·  Report…  ·  Admin →
How important is this to you?

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close

We're glad you're here

Please sign in to leave feedback
Signed in as (Sign out)
Close
Close
Submitting...
An error occurred while saving the comment
  • tumbleweed commented  ·   ·  Report

    Now that the GDPR is in effect, this is even more critical as you cannot guarantee that your mattermost server does not send plain text emails containing sensitive personal data through the world.

General: Mattermost Enterprise Edition

Categories

Feedback and Knowledge Base

(thinking…)