[Mailman-Developers] PGP and Mailman

Stefan Schlott stefan.schlott at informatik.uni-ulm.de
Tue Mar 1 21:01:06 CET 2005


Hi Joost,

> I will write and publish a patch which integrates PGP signature
> validation and re-encryption of encrypted posts to mailman.  Specs are:

Don't duplicate work which has already been done :-)  I made 
modifications to mailman 2.1.5 for encrypted mailing lists, but I kept 
quiet for testing. The test installation seems to behave pretty stably 
now, so this seems to be a good point to make the patch public.

The patch (and a German status of the project) is here:
   http://medien.informatik.uni-ulm.de/~stefan/gpg-mailman.xhtml

Direct link to the patch:
   http://medien.informatik.uni-ulm.de/~stefan/mailman-2.1.5-gpg_2005-02-22.diff.gz


> - A post will be distributed only if the PGP signature on the post is from
>   one of the list members.

Not implemented in my patch. Signatures are recognised but not used as 
means of authentication for sending to the list.

> - For sending encrypted email, a list member encrypts to the public key of
>   the list.  The post will be decrypted and re-encrypted to the public keys
>   of all list members.

Done.

> (Later, the patch will handle RFC 2633 (S/MIME) messages too, next to
> RFC 2440 (OpenPGP)).

Modular extension of my patch should be possible.


Features of the patch:
- Web interface for key upload (list key, users' keys)
- Several policies for accepting and delivering mails:
   - Incoming mail must not / may / must be encrypted
   - Outgoing mails must not / may / must be encrypted
- Information on poster's signature embedded in redistributed message
- Incoming mail formats: Inline-PGP and PGP/MIME
- Outgoing mail formats: Currently PGP/MIME only

Current problems: Inline-PGP has never been standardised. This is awful. 
Every mailer does it a little bit differently (content type of mail, 
encryption of attachments, treatment of encoding scheme). There is still 
work to do.


> So, the plan:
> 
> I think one way to implement it would be to add two modules to
> GLOBAL_PIPELINE: in front, before SpamDetect, there would be 'PGPCheck'.

At this place, I implemented decryption (and encryption policy enforcement).

> A second new module in GLOBAL_PIPELINE would be 'PGPRecrypt', to be
> called after 'CookHeaders' and before 'ToDigest'.  This would, if needed,
> decrypt the message and reencrypt it to all recipients, and would sign
> it.

I found no elegant way for distributing encrypted mails, so I patched a 
copy of the SMTPDirect handler. Currently, every mail is delivered 
separately (as done for personalised mails); I didn't figure out at 
first glance how chunking works... otherwise, a mail might be encrypted 
to several recipients - increasing its length by several bytes, but 
reducing the number of forks of gpg processes.

> For all PGP handling, I plan to use Frank J. Tobin's GnuPGInterface (
> http://py-gnupg.sourceforge.net/ ). 

That's what I used. Mind that py-gnupg (and gpgme, too) forks a gpg 
process for every operation. In large lists, this is pretty costly.


What do you think? The whole signature thing you planned is still 
missing, and inline-pgp needs some more work.


Stefan.
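
The incoming-mail policy check described in the message above (must not / may / must be encrypted, for both PGP/MIME and Inline-PGP), as an added example that is not part of the original post or of the patch. The function names, the policy constants and the sample messages are assumptions made for illustration; only the Python standard library is used and no decryption is performed.

```python
import base64
from email import message_from_string

MUST_NOT, MAY, MUST = "must_not", "may", "must"  # assumed names for the three settings
ARMOR = b"-----BEGIN PGP MESSAGE-----"

def pgp_format(msg):
    """Return 'pgp-mime', 'inline' or None for an email.message.Message."""
    protocol = (msg.get_param("protocol") or "").lower()
    if (msg.get_content_type() == "multipart/encrypted"
            and protocol == "application/pgp-encrypted"):
        return "pgp-mime"
    # Inline PGP is not standardised: the armor may sit in the body or in an
    # attachment, under any content type or transfer encoding, so every leaf
    # part is decoded before it is searched.
    for part in msg.walk():
        if part.is_multipart():
            continue
        if ARMOR in (part.get_payload(decode=True) or b""):
            return "inline"
    return None

def accept_incoming(msg, policy):
    """Apply the incoming encryption policy; returns (accepted, detected_format)."""
    fmt = pgp_format(msg)
    if policy == MUST and fmt is None:
        return False, fmt          # cleartext post to an encrypted-only list
    if policy == MUST_NOT and fmt is not None:
        return False, fmt          # encrypted post to a cleartext-only list
    return True, fmt

# Constructed sample messages (placeholder text, no real ciphertext).
_BODY = "-----BEGIN PGP MESSAGE-----\n(constructed placeholder)\n-----END PGP MESSAGE-----\n"
PGP_MIME = message_from_string(
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b"\n\n'
    "--b\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n"
    "--b\nContent-Type: application/octet-stream\n\n" + _BODY + "--b--\n")
INLINE_B64 = message_from_string(
    "Content-Type: text/plain\nContent-Transfer-Encoding: base64\n\n"
    + base64.b64encode(_BODY.encode()).decode() + "\n")
PLAIN = message_from_string("Content-Type: text/plain\n\nHello list\n")

if __name__ == "__main__":
    for name, m in (("pgp-mime", PGP_MIME), ("inline-b64", INLINE_B64), ("plain", PLAIN)):
        print(name, [accept_incoming(m, p) for p in (MUST_NOT, MAY, MUST)])
```

A cleartext post that merely quotes an armored block is also classified as inline here; telling the two apart requires actually attempting decryption.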

