Hi Joost,
I will write and publish a patch which integrates PGP signature validation and re-encryption of encrypted posts to mailman. Specs are:
Don't duplicate work which has already been done :-) I made modifications to mailman 2.1.5 for encrypted mailinglists, but I kept quiet for testing. The test installation seems to behave pretty stable now, so this seems to be a goot point making the patch public.
The patch (and a german status of the project) is here: http://medien.informatik.uni-ulm.de/~stefan/gpg-mailman.xhtml
Direct link to the patch:
http://medien.informatik.uni-ulm.de/~stefan/mailman-2.1.5-gpg_2005-02-22.diff.gz
- A post will be distributed only if the PGP signature on the post is from one of the list members.
Not implemented in my patch. Signatures are recognised but not used as means of authentication for sending to the list.
- For sending encrypted email, a list member encrypts to the public key of the list. The post will be decrypted and re-encrypted to the public keys of all list members.
Done.
(Later, the patch will handle RFC 2633 (S/MIME) messages too, next to RFC 2440 (OpenPGP)).
Modular extension of my patch should be possible.
Features of the patch: - Web interface for key upload (list key, users' keys) - Several policies for accepting and delivering mails: - Incoming mail must not / may / must be encrypted - Outgoing mails must not / may / must be encrypted - Information on poster's signature embedded in redistributed message - Incoming mail formats: Inline-PGP and PGP/MIME - Outgoing mail formats: Currently PGP/MIME only
Current problems: Inline-PGP has never been standardised. This is awful. Every mailer does it a little bit different (content type of mail, encryption of attachments, treatment of encoding scheme). There is still work to do.
So, the plan:
I think one way to implement it would be to add two modules to GLOBAL_PIPELINE: in front, before SpamDetect, there would be 'PGPCheck'.
At this place, I implemented decryption (and encryption policy enforcement).
A second new module in GLOBAL_PIPELINE would be 'PGPRecrypt', to be called after CookHeaders' and before 'ToDigest'. This would, if needed, decrypt the message and reencrypt it to all recipients, and would sign it.
I found no elegant way for distributing encrypted mails, so I patched a copy of the SMTPDirect handler. Currently, every mail is delivered separately (as done for personalised mails); I didn't figure out at first glance how chunking works... otherwise, a mail might be encrypted to several recipients - increasing its length by several bytes, but reducing the number of forks of gpg processes.
For all PGP handling, I plan to use Frank J. Tobin's GnuPGInterface (
http://py-gnupg.sourceforge.net/ ).
That's what I used. Mind that py-gnupg (and gpgme, too) forks a gpg process for every operation. In large lists, this is pretty costly.
What do you think? The whole signature thing you planned is still missing, and inline-pgp needs some more work.
Stefan. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org
Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp
