[Mailman-Developers] PGP and Mailman

Mon Feb 28 18:40:22 CET 2005

Hi,

I will write and publish a patch which integrates PGP signature
validation and re-encryption of encrypted posts to mailman.  Specs are:

- A post will be distributed only if the PGP signature on the post is from
  one of the list members.
- For sending encrypted email, a list member encrypts to the public key of
  the list.  The post will be decrypted and re-encrypted to the public keys
  of all list members.

(Later, the patch will handle RFC 2633 (S/MIME) messages too, next to
RFC 2440 (OpenPGP)).

I've taken a look at the NAH6 secure list patch #646989 at
http://sourceforge.net/tracker/index.php?func=detail&aid=646989&group_id=103&atid=300103
and at Ben Laurie's patch #645297 at
http://sourceforge.net/tracker/index.php?func=detail&aid=645297&group_id=103&atid=300103
, but I believe none of these completely implements the listed
requirements (although these will help me implementing, of course).  I
am asking you to take a look at my plan for implementation.  Am I on the
right track?

So, the plan:

I think one way to implement it would be to add two modules to
GLOBAL_PIPELINE: in front, before SpamDetect, there would be 'PGPCheck'.
PGPCheck would check wether the message is encrypted, and, if so, make a
temporary decrypted copy in order to verify with which key is was
signed.  If the message is unencrypted, it would check the signature.
It would store this information in new properties of the Mailman Message
object.

A second new module in GLOBAL_PIPELINE would be 'PGPRecrypt', to be
called after CookHeaders' and before 'ToDigest'.  This would, if needed,
decrypt the message and reencrypt it to all recipients, and would sign
it.

If for instance a list member erroneously signs a post with a wrong
public key, and encrypts the message, this message should be handled
carefully.  I believe the Hold module should be adapted for this.  A
copy of the original encrypted message should be kept.  The message
should be decrypted, signed with the listkey, encrypted to the list
moderator key, and sent for acknowledgement.  If the moderator chooses
to deny the message, the poster should get her original message back.
(I guess.)

For all PGP handling, I plan to use Frank J. Tobin's GnuPGInterface (
http://py-gnupg.sourceforge.net/ ).  I plan to write the patch against
current stable Mailman.

Any insight to share on this?

Thanks!  Bye,

Joost

-- 
Joost van Baal                            http://abramowitz.uvt.nl/
                                                 Tilburg University
j.e.vanbaal at uvt.nl                                  The Netherlands
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://mail.python.org/pipermail/mailman-developers/attachments/20050228/484a0ba1/attachment.pgp