Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration
Abhilash Raj writes: > Can you please point me in some direction to learn about the various > possible ways to sign a mail and/or encrypt it. Basically that's going to be MUA-dependent. There are standards for this (prominently S/MIME aka RFC 5751), but whether MUAs implement it is MUA-specific. Also, S/MIME is not the same as using OpenPGP (I guess that OpenPGP can be used to implement it, but I doubt that most systems using OpenPGP actually conform to S/MIME). I suspect that many webmail programs and Windows MUAs do not support OpenPGP (webmail programs generally don't support any form of secure mail AFAIK). Other important RFCs include PKCS (RFC 2315) and Security Multiparts for MIME (RFC 1847). (Do check those references before implementing them: I haven't followed this field that closely for several years, and several of them are probably superseded by now.) > Also i think adding the key as a new column against the email in > the list of subscriber would do the work. I still think you're getting ahead of yourself. What work are you talking about? Just getting keys stored in the subscriber database isn't much help if we haven't decided how we are going to use them. ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] GSOC 2013 - Introduction and Project Discussion
Pierre-Yves Chibon writes: > How do you reply to a thread if you don't have access to the > archives? The archives provide a URL to the web interface instead of a mailto URL. > If it is thought as a different system then I understand. I was more > confused if that was thought as part of HyperKitty as I believe it > already does that to some extend (I'll let Aurélien specify to which > extend). Sure. ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] GSOC Project idea: OpenPGP integration
On Sun, Apr 7, 2013 at 7:46 PM, Stephen J. Turnbull wrote: > Abhilash Raj writes: > > > Well what i want to make it is that whenever a user sends a mail to the > > list it should be singed with his private key so that it can be verified > > against his public that he uploads if he wants permissions to post in > the > > list. > > You mean that the user should sign it himself (or with the help of his > mail client), is that correct? Yes, the user should sign it himself. I am not sure about how it would be done though. > > > As the message is received by mailman its signature is verified and > > then its encrypted and sent to each person, wherein those who > > haven't uploaded their key will also receive an unencrypted > > copy(with a probability that it may not be intended for them or not > > authentic mail). > > I don't understand the use case for having both encrypted and > unencrypted copies distributed. Is the encryption intended to be > merely authentication? But what Mailman has is by definition the > subscriber's public key; anybody might have that. It *could* be kept > secret, but I think that's not so easy to prove. > > I would have imagined that maybe Mailman would resign using its own > private key, to authenticate the list, and testify that it had > authenticated the sender. > > I also don't understand what you mean by "not authentic mail". The > original signature proves it authentic. The subscribers may > not have the appropriate to key to verify, but in that case I don't > see why they would want to delegate it to Mailman. > > I think you have a difficult task in merely specifying what you want > this system to do. That's likely to be a couple orders of magnitude > harder than the implementation! > > > Yes, this was on the top of my mind while trying to attempt this > > project. I learned about key-servers. I think we could setup one > > wherein all the public key would be stored that are uploaded by > > users and retrieved when needed. > > But who watches the watcher? That is, what does the keyserver need to > know about the key's owner, and how does the candidate subscriber > prove it to the keyserver? > > I think there are lots of use cases for integrating mailing list > managers into the public key infrastructure, but you need to be > careful to specify them. I think you probably should start with > simple use cases, like proving subscriber identity to the mailing list > manager, eg for anti-spam purposes.[1] > > I gave a thought and yes some parts of it doesn't actually makes sense. Instead for proving a subscribers identity to a list manager we could add add a setting to accept messages only from registered signatures. Each subscriber add his public key when he subscribes to the list( or when settings are changed to accept mails with only registered signature). This could also help in spam reduction as only mails with registered users(with registered keys) would be distributed among the list subscribers. Can you please point me in some direction to learn about the various possible ways to sign a mail and/or encrypt it. Also i think adding the key as a new column against the email in the list of subscriber would do the work. I haven't worked with postorius but i have experience with django so i think some ui can also be added in postorius to manage this although this is just and idea which i think i can expand in a few days as I am working on postorius. > Footnotes: > [1] Even that is not a sure winner, since most users will not know > how to do this for themselves. So it will have to be integrated into > clients, which themselves might be infected by a virus. > > -- Abhilash Raj ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] OpenPGP Integration on GSoC
Hi all, My name is Marcos Chavarría and I'm a fourth year computer science student from Galicia, Spain. I'm interested in the OpenPGP integration project for this year SoC. I have experience working with python in several university projects and I have some knowledge about crypto primitives (I made Coursera Cryptography course[1]). The problem is that I'm not sure if I understand the idea. This is how I see it: 1) Users summit their public key to MailMan server when they register to mail list. 2) The user can get MailMan Server public key 3) When an user want to post a message they both sign and encrypt this message. They encrypt the message using MailMan public key. Then the message is sent to MailMan Server. 4) MailMan decrypt the received message and check if the sign is correct (with the stored public user public key). If the sign is correct, it sends a message to every mail-list subscripter encrypted with each user public key. 5) The other user receive the email and decrypt it. Is this correct? Best Regards, Marcos Chavarría [1] https://www.coursera.org/course/crypto ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] Mailman/PSF GSoC Students: Next steps
Hello prospective GSoC students, there are roughly four weeks left until the application deadline on May 03 2013. Sounds like a lot, but it time's running fast. ;-) The application period opens on April 22. Ideally, you should already have a pretty good understanding of the boundaries of your project proposal(s) around that time. So use this week and the next for further discussions, ask questions, do some reading. This will give you a better feel for what the overall work load might be (which is crucial for a healthy project timeline). Most important, don't worry about sounding stupid or not knowing something! There are several moving parts inside the Mailman software ecosystem and no-one expects you to grok everything right from the start. Once the application period has started, it's better to apply sooner than later. Don't worry if your application is unfinished -- it will be editable until the deadline (at which point it must, of course, be complete). But it's better to have it in the system early than to wait until the last minute. Just leave a note saying it's still in draft status. We will put an application template on the wiki to give you a rough outline of what we expect the applications to contain. Lastly, to avoid possible confusion: The mentoring organisation you have to apply with is the Python Software Foundation. Since the PSF handles a lot of sub projects like Mailman, it'll be a good idea to put "Mailman" in the title of your application so we can find it and nothing gets missed. Cheers Florian ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Mailman not in GSOC'13 accepted organization
Just like last year, Mailman's going to be participating as a sub-organization under the Python Software Foundation. Unfortunately, this means that our name doesn't show up directly on the org list -- you'll need to click through from python to find us. I'm going to set up some tags so the sub-orgs will be more visible to those searching that list, but it probably won't get done 'till I'm finished work for the day. Terri On 04/09/2013 09:44 AM, Avik Pal wrote: Hello, can not see mailman in GSOC'13 accepted organization list, I am a bit baffled. did it make through this year? Avik Pal Bengal Engineering & Scieence University,Shibpur github:https://github.com/avikpal IRC:- irc://freenode/avikp,isnick twitter:-https://twitter.com/avikpalme ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] Mailman not in GSOC'13 accepted organization
It's participating with Python as its parent organization. Check the gsoc13 page for Python. On Tue, Apr 9, 2013 at 9:14 PM, Avik Pal wrote: > Hello, > can not see mailman in GSOC'13 accepted organization list, I am a > bit baffled. did it make through this year? > > > > > Avik Pal > Bengal Engineering & Scieence University,Shibpur > github:https://github.com/avikpal > IRC:- irc://freenode/avikp,isnick > twitter:-https://twitter.com/avikpalme > ___ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://wiki.list.org/x/AgA3 > Searchable Archives: > http://www.mail-archive.com/mailman-developers%40python.org/ > Unsubscribe: > http://mail.python.org/mailman/options/mailman-developers/apoorvupreti%40gmail.com > > Security Policy: http://wiki.list.org/x/QIA9 > -- -Apoorv ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] Mailman not in GSOC'13 accepted organization
Hello, can not see mailman in GSOC'13 accepted organization list, I am a bit baffled. did it make through this year? Avik Pal Bengal Engineering & Scieence University,Shibpur github:https://github.com/avikpal IRC:- irc://freenode/avikp,isnick twitter:-https://twitter.com/avikpalme ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
Re: [Mailman-Developers] GSOC 2013 - Introduction and Project Discussion
On Tue, 2013-04-09 at 08:27 +0900, Stephen J. Turnbull wrote: > Pierre-Yves Chibon writes: > > On Sat, 2013-04-06 at 15:03 +0530, Udit Saxena wrote: > > > 2. Web Posting Interface. > > > > Isn't this similar/overlapping to what HyperKitty already does? > > No. There's no reason why a web posting interface needs to interact > with the archives; it can talk directly to Mailman core, and will need > to do so for other features such as authentication, sister lists, and > the like. You get archiving for free. How do you reply to a thread if you don't have access to the archives? > > I don't think one would want to embed posting messages from the admin > > interface of mailman (postorious), so posting from an interface would > > have to deal with archives as well (since one might want to reply to an > > existing thread). > > It could be as simple as embedding a button with an appropriate URL > communicating the information needed to compose a message in the > archive display interface. On the other hand, the posting interface > to the archives could be a full separate subsystem, with a special- > purpose browsing system oriented to rapidly selecting and yanking > content from related messages. > > It might make sense to embed the interface in HyperKitty, which also > has to deal with authentication, at least. But since posting and > browsing are separate features I tend to favor creating an appropriate > protocol for web posting, independent of the archive protocol and > implementation. If it is thought as a different system then I understand. I was more confused if that was thought as part of HyperKitty as I believe it already does that to some extend (I'll let Aurélien specify to which extend). Thanks for clarifying, Pierre ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
[Mailman-Developers] GSOC 2013 : Web Posting Interface
Hello to all the members of the community. My name is Peter Markou and I'm currently running the last year of my university course. I'm deeply interested in implementing the "Web Posting Interface". Since I've maintained and integrated phpBB forum in a european project that I participated about 8 months ago(MUTW - Multinational Undergraduate Team Work http://mutw.praxisnetwork.eu/ ) I think I will be able to offer some additional features to make it a replacement for phpBB. Thanks in advance for your time and looking forward to discuss any further details. ___ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/archive%40jab.org Security Policy: http://wiki.list.org/x/QIA9
