Hi, I will write and publish a patch which integrates PGP signature validation and re-encryption of encrypted posts to mailman. Specs are:
- A post will be distributed only if the PGP signature on the post is from one of the list members. - For sending encrypted email, a list member encrypts to the public key of the list. The post will be decrypted and re-encrypted to the public keys of all list members. (Later, the patch will handle RFC 2633 (S/MIME) messages too, next to RFC 2440 (OpenPGP)). I've taken a look at the NAH6 secure list patch #646989 at http://sourceforge.net/tracker/index.php?func=detail&aid=646989&group_id=103&atid=300103 and at Ben Laurie's patch #645297 at http://sourceforge.net/tracker/index.php?func=detail&aid=645297&group_id=103&atid=300103 , but I believe none of these completely implements the listed requirements (although these will help me implementing, of course). I am asking you to take a look at my plan for implementation. Am I on the right track? So, the plan: I think one way to implement it would be to add two modules to GLOBAL_PIPELINE: in front, before SpamDetect, there would be 'PGPCheck'. PGPCheck would check wether the message is encrypted, and, if so, make a temporary decrypted copy in order to verify with which key is was signed. If the message is unencrypted, it would check the signature. It would store this information in new properties of the Mailman Message object. A second new module in GLOBAL_PIPELINE would be 'PGPRecrypt', to be called after CookHeaders' and before 'ToDigest'. This would, if needed, decrypt the message and reencrypt it to all recipients, and would sign it. If for instance a list member erroneously signs a post with a wrong public key, and encrypts the message, this message should be handled carefully. I believe the Hold module should be adapted for this. A copy of the original encrypted message should be kept. The message should be decrypted, signed with the listkey, encrypted to the list moderator key, and sent for acknowledgement. If the moderator chooses to deny the message, the poster should get her original message back. (I guess.) For all PGP handling, I plan to use Frank J. Tobin's GnuPGInterface ( http://py-gnupg.sourceforge.net/ ). I plan to write the patch against current stable Mailman. Any insight to share on this? Thanks! Bye, Joost -- Joost van Baal http://abramowitz.uvt.nl/ Tilburg University [EMAIL PROTECTED] The Netherlands
signature.asc
Description: Digital signature
_______________________________________________ Mailman-Developers mailing list [email protected] http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
