*From:* Tim via users <users@lists.fedoraproject.org>
*Sent:* Thursday, 20 March 2025 at 15:08 UTC+11
*To:* noloa...@gmail.com, Community support for Fedora users
<users@lists.fedoraproject.org>
*Cc:* Tim <ignored_mail...@yahoo.com.au>
*Subject:* RE: Evolution Functionality
Tim:
I don't actually know what you mean by organisation-sensitive or
sensitivity level, I can only guess.
Jeffrey Walton:
<https://www.google.com/search?q=data+classification+and+sensitivity+levels>.
Yes, I mentioned classifications further below in my email. The
organisation-sensitive one was a new one on me (R&D only? LegalDept
only?). Though, without the original poster responding, I don't know
if it's just about labelling the messages or is meant to enforce
controls.
When sensitivity levels are set on a mail, the mail client adds headers
into the header list to specify the sensitivity level specified
(Private, confidential, organisation-confidential). The setting of
organisation-confidential is the same as confidential but meets the
requirements of RFC 256 (I think it was that, I need to look up the
documentation again for the environment I develop in at work to see
exactly what RFC it is for).
I suspect it's merely a label and application-specific. The moment you
email someone without the requisite software it's going to get ignored.
Organisations, if they so desire, can put processes in place to handle
mails with headers specifying sensitivity differently to mails that
don't have the headers. In fact, I'm trying to get a defect resolved at
the moment where somewhere between the code I wrote to send the mail and
the mail arriving in Outlook 365, the sensitivity level in the headers
has been changed.
regards,
Steve
Like typing "private and confidential" at the top of a letter, it does
little more than advise the person reading it.
They're likely to find that if their organisation requires access
controls, they probably require specific approved software. One that's
been vetted and tested and they don't want to pay to test anything
else. Amusingly, it'll probably be some Microsoft app that's approved,
despite it having numerous other major security flaws that should get
it vetoed.
https://www.rfc-editor.org/rfc/rfc2156#section-5.3.4
https://www.rfc-editor.org/rfc/rfc4021#section-2.1.55
Seem to indicate it's only going to be a label in the header. Someone
in a committee is probably going to get their knickers in a twist
insisting something actually useless must be mandated.
Going back to serious mode: I see nothing in Evolution that offers the
feature, except for appointments in the calendar. You'd probably have
to have a custom plug-in created. That, or some kind of automatic
processing done by the mail server looking for keywords to trigger it
(such as choosing different boilerplate signatures, to give a simple
way to choose an option in the message editor).
I think this is another of those things that is glossed over in email,
like how damn difficult it is to do secure mail (it's still definitely
computer nerd territory to encrypt emails).
(I would have sent it privately, but emails to your email address bounced).
The list replaces my from address with its own, so that won't work. I
know why it does that, in general, just not specifically why it does
that to mine (they're posted directly through a major server that
requires me to login). Not that I care, I'm happy with it doing that.
If people read my boilerplate they'd see they can't reply privately, in
any way.
--
_______________________________________________
users mailing list -- users@lists.fedoraproject.org
To unsubscribe send an email to users-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/users@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
