Encrypted email using ReMail
============================

Remail was written to sidestep the hard-to-solve problem of sending
encrypted mail to multiple people, some of whom may prefer to use GnuPG,
some PGP from Symantec, while others use S/MIME from corporate-issued
CAs that are not in universal CA trust stores.

Remail accepts both S/MIME and PGP-encrypted email sent to a single
address, decrypts it on the back-end, and then re-encrypts it to
individual list subscribers using whichever is their preferred scheme
for exchanging encrypted email.

For more information on this project, please see the `official Remail
git repository`_.

.. _`official Remail git repository`: https://git.kernel.org/pub/scm/linux/kernel/git/tglx/remail.git

Remail at kernel.org
--------------------

Kernel.org uses remail for discussions that need to happen around
coordinated response to embargoed security vulnerabilities. The service
itself runs on a dedicated VM inside a private cloud cluster that has no
direct access from the Internet -- it can only be accessed via the VPN
used by IT operations personnel. Any administrative access to that
internal remail system requires 2-factor authentication. Any off-site
backups performed on that system are PGP-encrypted with a unique
symmetric key before they are uploaded to external storage.

Logging
~~~~~~~

For transparency purposes, conversations exchanged between parties using
encrypted email are logged on the internal remail system in order to
provide a sanitized public discussion archive once embargoes are lifted.

Requesting a remail list
~~~~~~~~~~~~~~~~~~~~~~~~

If you would like to request your own remail list, please contact helpdesk@kernel.org.