[Mailman-Developers] [GSoC] Encrypted mailing lists - second evaluation

Jan Jancar johny at neuromancer.sk
Tue Jul 25 20:12:16 EDT 2017 

Hi all!

https://neuromancer.sk/article/14

=================
Second evaluation
=================

The second evaluation period came quite fast after the first one,
nonetheless the project advanced much further so quick recap of its
current state is in order.

Since first evaluation
======================

SMTPS + STARTTLS
----------------

[MR 286](https://gitlab.com/mailman/mailman/merge_requests/286)

Finally with working tests after upstream fixes in aiosmtpd.


Pluggable components (plugins)
------------------------------

[MR 288](https://gitlab.com/mailman/mailman/merge_requests/288)

Rebased after the Click CLI processing branch was merged and got it to
work nicely in the end. There was an issue with config processing, as
plugins can now supply their own CLI commands and plugins are
configured/specified in the Mailman core config, which can be supplied
by a CLI option. So that created a bit of an argument
processing/lazy-loading issue but looking some more at how Click works I
was able to quickly resolve it. Config option is now an
[eager](http://click.pocoo.org/5/options/#callbacks-and-eager-options)
one and initializes Mailman before commands need to be listed/used.


Pluggable workflows
-------------------

[MR 299](https://gitlab.com/mailman/mailman/merge_requests/299)

Also rebased and added tests to get diffcov to 100% and fix one of the
migrations in that branch, as it was broken before.


Key management (plugin)
-----------------------

Implemented email commands for managing per-address PGP keys in plugin.
It uses pluggable workflows to plug into the subscription process of a
PGP enabled mailing list and requests the user key, also does mailback
confirmation of it. The key is then available to the list moderator
during subscription moderation, and more generally to the plugin for
verifying signatures and encrypting. After subscription key management
is also implemented where a user can change his set key, provided he can
sign a challenge provided by the plugin with the old key. Key revocation
handling is also necessary, but not yet done.


Outgoing processing (plugin)
----------------------------

Implemented custom Bulk and Individual delivery classes for PGP enabled
lists in plugin. These deliveries optionally encrypt the mail to
subscribers keys, and/or sign with the list key. The bulk one retains
anonymity of subscribers as the keyids are zeroed out of the
PKESK(Public Key Encrypted Symmetric Key) packets which OpenPGP
implementations should handle as a wildcard keyid and try decrypting
with all usable private keys. It is also almost as efficient as it can
be, as it only encrypts the message with one session key per chunk and
then encrypts said session key to recipients in the chunk. The signing
is also configurable.


Signature hash tracking (plugin)
--------------------------------

Implemented store of signature hashes from successful postings to a PGP
enabled list which are then (optionally) used to stop replay of the same
signature by Mailman in a future posting.


PyPI package (plugin)
---------------------

[mailman-pgp @ PyPI](https://pypi.python.org/pypi/mailman-pgp)

Created the PyPI package for the PGP plugin.


Overall
=======

I would like to be a bit further in the project at this point, however I
am very optimistic about the next days and weeks. After resolving some
issues and TODOs I have for the current plugin implementation and
setting up the live Mailman instance with the PGP plugin, which should
be up by the end of the week. I believe I can start work on the other
side of the REST API, of somehow hooking PGP enabled archives/lists to
Postorius and HyperKitty.


Cheers,
-- 
Jan
______________________________________________________
   /\  # PGP: 362056ADA8F2F4E421565EF87F4A448FE68F329D
  /__\  # https://neuromancer.sk
 /\  /\  # Eastern Seaboard Phishing Authority
/__\/__\  #

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 862 bytes
Desc: OpenPGP digital signature
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20170726/36f7449a/attachment.sig>

More information about the Mailman-Developers mailing list