[Mailman-Developers] GSOC Project idea: OpenPGP integration

Abhilash Raj raj.abhilash1 at gmail.com
Sun Apr 7 13:01:24 CEST 2013 

Thanks all for replying.


On Sun, Apr 7, 2013 at 4:47 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net>wrote:

> On 04/06/2013 06:53 PM, Paul Wise wrote:
> > On Sun, Apr 7, 2013 at 5:19 AM, Abhilash Raj wrote:
> >
> >> I am a undergrad student interested in OpenPGP integration in mailman
> as a
> >> GSOC project this summer.
>
> neat, i'm glad to hear it!
>
> > I'm not sure about the scope of your project but you may want to
> > review some prior efforts:
> >
> > http://schleuder2.nadir.org/
> > http://www.synacklabs.net/projects/crypt-ml/
>
> see also:
>
>   http://non-gnu.uvt.nl/mailman-pgp-smime/
>   http://sels.ncsa.illinois.edu/
>
> > My pet favourite feature from the lurker mail archiver is showing
> > photos from OpenPGP keys in the archive pages.
>
>
Thanks for these links. I am currently going through these projects to
figure out the implementation part of the OpenPGP into mailman. Also trying
to use the mailman-php-smime patch to figure out how it is implemented.

> :)
>
> there are a lot of different ways that you might try to integrate
> message encryption, message signing, etc into a mailing list.  There are
> also a lot of ways to make it easy for users and administrators to shoot
> themselves in the foot with this stuff; and even seasoned system
> administrators with years of crypto background can get wrong. :(
>
> If i were you, Abhilash, i would start by trying to write up a concise
> statement about what specific enhancement you want to make from an
> end-user perspective, and what threat model your enhancement addresses.
>
> here are three (very different) starting points as examples:
>
>  A) I want to make it so that only correctly-signed messages will be
> redistributed to the list.
>
>  B) I want to make it so that no one but the list subscribers will be
> able to be able to view the content of messages sent to the list.
>
>  C) I don't want the identities of anyone subscribed to the mailing list
> to be known to anyone but the other subscribers.
>
> There are layers of nuance to resolve with each of those goals.  i had a
> hard time keeping them that short because of all the exceptions and
> questions they raised in my head when i wrote them (Hint: i'm not
> convinced that either of them is actually well-defined enough to even be
> considered possible), but some form of either of them might be possible
> if you make them more precise.
>
> Can you try defining what sort of feature you'd like to see implemented?
>
>
Well what i want to make it is that whenever a user sends a mail to the
list it should be singed with his private key so that it can be verified
against his public that he uploads if he wants permissions to post in the
list. As the message is received by mailman its signature is verified and
then its encrypted and sent to each person, wherein those who haven't
uploaded their key will also receive an unencrypted copy(with a probability
that it may not be intended for them or not authentic mail).

I also agree that I am new to cryptography so I cannot comment/assure about
the implementation of this idea. But with your help I think I think I would
be able to implement the best possible version of this idea.


> Also, key management is likely to be a large part of any project like
> this.  Have you thought about how a keyring for a mailing list should be
> handled?
>
>
Yes, this was on the top of my mind while trying to attempt this project. I
learned about key-servers. I think we could setup one wherein all the
public key would be stored that are uploaded by users and retrieved when
needed.

> Regards,
>
>         --dkg
>
>
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> http://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
> http://mail.python.org/mailman/options/mailman-developers/raj.abhilash1%40gmail.com
>
> Security Policy: http://wiki.list.org/x/QIA9
>


Thanks!
-- 
Abhilash Raj

More information about the Mailman-Developers mailing list