Description
See https://flowcrypt.com/docs/business/org-rules.html
One of our customers has the following rule set up: disallow_attester_search_for_domains: ["*"], meaning don't use Attester to search public keys for any recipient domain. They would like to be able to add an exception to this for some domains, to be able to say "don't search anywhere except do use attester to search for public keys of users on domain example1.com and example2.com", which we don't currently support.
There are a few ways to approach this:
option 1 - add a way to define negative items
eg disallow_attester_search_for_domains: ["*", "!example1.com", "!example2.com"]
or disallow_attester_search_for_domains: ["*", "^example1.com", "^example2.com"]
or disallow_attester_search_for_domains: ["*", "-example1.com", "-example2.com"]
advantage - I find it clearer what is going on, all related config in one place
disadvantage - ^, ! or - are quite arbitrary choices. A minor form of string parsing involved
could be more explicit like
or disallow_attester_search_for_domains: ["*", "allow:example1.com", "allow:example2.com"]
option 2 - add another configuration
disallow_attester_search_for_domains: ["*"],
always_allow_attester_search_for_domains: ["example1.com", "example2.com"]
where always_allow_attester_search_for_domains overrides the wildcard in disallow_attester_search_for_domains
advantage - more explicit, no string parsing
disadvantage - one more client configuration which is not meaningful on its own, and is only meaningful when * is used in disallow_attester_search_for_domains - seems too narrow scope to have another client configuration
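The two options above, evaluated side by side as an added example (not FlowCrypt code, and not part of the original issue). The function names, exact case-insensitive domain matching, failing closed on malformed addresses, and letting an explicit deny entry win over an allow entry are all assumptions made for illustration.

```javascript
// Added example: hypothetical evaluation of both proposed rule formats.
// Constructed sample configurations taken from the two options in the issue.
const OPTION1_RULES = {
  disallow_attester_search_for_domains: ['*', 'allow:example1.com', 'allow:example2.com'],
};
const OPTION2_RULES = {
  disallow_attester_search_for_domains: ['*'],
  always_allow_attester_search_for_domains: ['example1.com', 'example2.com'],
};

// Normalise a rule list so comparisons are case-insensitive (assumption).
const normalise = (list) => (list || []).map((s) => String(s).trim().toLowerCase());

// Shared decision: may the client query Attester for this recipient?
function decide(denied, allowed, email) {
  const at = email.lastIndexOf('@');
  if (at < 1 || at === email.length - 1) return false; // malformed address: fail closed
  const domain = email.slice(at + 1).toLowerCase();
  if (denied.includes(domain)) return false;           // explicit deny always wins
  if (denied.includes('*')) return allowed.includes(domain); // exceptions only override "*"
  return true;                                         // nothing denies this domain
}

// Option 1: exceptions live in the same list, marked with an "allow:" prefix.
function canSearchOption1(rules, email) {
  const prefix = 'allow:';
  const items = normalise(rules.disallow_attester_search_for_domains);
  const allowed = items.filter((s) => s.startsWith(prefix)).map((s) => s.slice(prefix.length));
  const denied = items.filter((s) => !s.startsWith(prefix));
  return decide(denied, allowed, email);
}

// Option 2: exceptions live in a separate always_allow_* list.
function canSearchOption2(rules, email) {
  return decide(
    normalise(rules.disallow_attester_search_for_domains),
    normalise(rules.always_allow_attester_search_for_domains),
    email,
  );
}

// Run both formats over constructed recipients and report the decisions.
function compare(emails) {
  return emails.map((e) => ({
    email: e,
    option1: canSearchOption1(OPTION1_RULES, e),
    option2: canSearchOption2(OPTION2_RULES, e),
  }));
}
console.log(compare(['alice@example1.com', 'Bob@EXAMPLE2.COM', 'carol@other.org']));
```

With only the allow list set and no `*` in the disallow list, `canSearchOption2` permits every domain, which is the "not meaningful on its own" point raised for option 2.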