[Mailman-Developers] GSoC Project: pgp plugin

Abhilash Raj raj.abhilash1 at gmail.com
Sat Feb 27 22:48:36 EST 2016 

Hi Jonas,

On 27 February 2016 at 10:35, Jonas <jonax at openmailbox.org> wrote:

> Hello Mailman developers,
>
> I was planning to write a pgp-encryption plugin for Mailman 3 that
> manages one keypair per list and pubkeys of the subscribers.
> I'm considering to do it as my first-time Google Summer of Code project.
>

Welcome!


>
> I have read the GSoC 2016 rules and the Mailman wiki GSoC 2016 pages.
> I will try to work myself more into the mailman-core sources the next
> few days and try to make an improvement (eg bugfix).
>
> About me:
> I have been studying computer science in germany for two and a half
> years. I have sent patches to some libre, mainly C and C++, projects. I
> have only minor experience in Python but I'm used to learning by reading
> documentation and sources.
> Feel free to mail me if you have questions.
>
> The Project Idea:
> Encrypted malinglists have been been a much-requested feature in mailman
> 2 and I would like to run some encrypted mailinglists myself.
> There is no stable pgp-aware mailserver at this time but there has been
> an unstable patch for mailman 2.1.5[1] and some other unstable encrypted
> list servers [2][3]). This Project could also help to evaluate the
> Mailman 3 plugin system.
>
>
If you don't know, I worked on this project some time back in GSoC 2013.
The  current state of that project is not very good and probably needs a
*lot* of rebasing to do. I have been thinking about revisiting the project,
but haven't been able to. I don't mind another GSoC for the same project if
you can put up a proposal that would land the project in a better end state
than I did ;-).

Here is a link[1] to discussions that have already been done before on this
idea. Please read it carefully as there has been a pretty extensive
discussion on the security model and usability of such an implementation.

I have a few small questions doubts about your features below...


> Some features could be:
>  1. Automatic pubkey collection from inbound mail
>

What happens if I send a forged email with some user's email address as
FROM and use a fake key? Automatic public key collection isn't a very good
idea, you should be *very* careful about how you handle public keys.


>  2. Outbound mail encryption and signature validation
>

I would suggest you keep encryption as a part of extended goals in case of
GSoC. You'd be surprised how many students are not able to finish their
proposal in time. I don't say they did not do good work, just that they did
not make a good estimate of their time which is a good skill one should
have.


>  3. Automatic keypair generation for pgp-aware lists
>

Just to let you know, generating keys in virtual environments is not that
easy due to less available randomness as compared to PCs.


>  4. Inbound mail decryption and outbound mail signature
>

Can you elaborate on this? Shouldn't both be working differently? Encrypted
emails distributed as encrypted email and signed email distributed as
signed.


>  5. A mailinterface for organizing the encrypted lists, subscribers
>     public keys and trust levels


I would like to know more on how you plan to do this.


>  6. A webinterface
>

Can be integrated in Postorius (Mailman 3's default web UI)


>  7. PGP Information in the messages (e.g. was the incoming mail signed
>     by a trusted subscriber?)
>  8. Optionally forced encryption (such a list never sends mail to an
>     adress to which it can't encrypt with a pubkey that has a certain
>     level of trust and/or won't accept inbound mail in plaintext)
>  9. Optionally forced signature (inbound mail to the list has to be
>     signed with a key that has a certain level of trust in order to be
>     published)
> 10. pgp-aware command system. (eg optionally only accept admin mail
>     commands from signature-verified mail admins)
>
> Features 1.-5. are essential.
>
> Thoughts on Implementation:
> pygpgme could be used for encryption which might easily enable S/MIME as
> well. Keys could be stored in the filesystem or in databases using
> SQLAlchemy. The encryption step could be implemented as a pipeline.
>
>
> Encrypted lists in mailman would be great, I think I can implement the
> plugin myself but I will need help to ensure the reliability and
> security of the plugin.
>
> What are your thoughts on pgp in Mailman 3?
>
> Is this a suitable Project for the Google Summer of Code 2016?
>

I think so.


> Would anyone be interested in becoming my mentor for this project?
>

I can, depending on your application.


>
>
> Thank you,
> Jonas
>
>
> [1]: https://non-gnu.uvt.nl/mailman-pgp-smime/
> [2]: http://schleuder2.nadir.org/
> [3]: http://schleuder2.nadir.org/documentation/v2.2/faq.html#index2h3
> _______________________________________________
> Mailman-Developers mailing list
> Mailman-Developers at python.org
> https://mail.python.org/mailman/listinfo/mailman-developers
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Searchable Archives:
> http://www.mail-archive.com/mailman-developers%40python.org/
> Unsubscribe:
> https://mail.python.org/mailman/options/mailman-developers/raj.abhilash1%40gmail.com
>
> Security Policy: http://wiki.list.org/x/QIA9
>



-- 
thanks,
Abhilash Raj

More information about the Mailman-Developers mailing list