Hi Jonas,
On 27 February 2016 at 10:35, Jonas <jonax@openmailbox.org> wrote:
Hello Mailman developers,
I was planning to write a pgp-encryption plugin for Mailman 3 that manages one keypair per list and pubkeys of the subscribers. I'm considering to do it as my first-time Google Summer of Code project.
Welcome!
I have read the GSoC 2016 rules and the Mailman wiki GSoC 2016 pages. I will try to work myself more into the mailman-core sources the next few days and try to make an improvement (eg bugfix).
About me: I have been studying computer science in germany for two and a half years. I have sent patches to some libre, mainly C and C++, projects. I have only minor experience in Python but I'm used to learning by reading documentation and sources. Feel free to mail me if you have questions.
The Project Idea: Encrypted malinglists have been been a much-requested feature in mailman 2 and I would like to run some encrypted mailinglists myself. There is no stable pgp-aware mailserver at this time but there has been an unstable patch for mailman 2.1.51 and some other unstable encrypted list servers 2). This Project could also help to evaluate the Mailman 3 plugin system.
If you don't know, I worked on this project some time back in GSoC 2013. The current state of that project is not very good and probably needs a *lot* of rebasing to do. I have been thinking about revisiting the project, but haven't been able to. I don't mind another GSoC for the same project if you can put up a proposal that would land the project in a better end state than I did ;-).
Here is a link1 to discussions that have already been done before on this idea. Please read it carefully as there has been a pretty extensive discussion on the security model and usability of such an implementation.
I have a few small questions doubts about your features below...
Some features could be:
- Automatic pubkey collection from inbound mail
What happens if I send a forged email with some user's email address as FROM and use a fake key? Automatic public key collection isn't a very good idea, you should be *very* careful about how you handle public keys.
- Outbound mail encryption and signature validation
I would suggest you keep encryption as a part of extended goals in case of GSoC. You'd be surprised how many students are not able to finish their proposal in time. I don't say they did not do good work, just that they did not make a good estimate of their time which is a good skill one should have.
- Automatic keypair generation for pgp-aware lists
Just to let you know, generating keys in virtual environments is not that easy due to less available randomness as compared to PCs.
- Inbound mail decryption and outbound mail signature
Can you elaborate on this? Shouldn't both be working differently? Encrypted emails distributed as encrypted email and signed email distributed as signed.
- A mailinterface for organizing the encrypted lists, subscribers public keys and trust levels
I would like to know more on how you plan to do this.
- A webinterface
Can be integrated in Postorius (Mailman 3's default web UI)
- PGP Information in the messages (e.g. was the incoming mail signed by a trusted subscriber?)
- Optionally forced encryption (such a list never sends mail to an adress to which it can't encrypt with a pubkey that has a certain level of trust and/or won't accept inbound mail in plaintext)
- Optionally forced signature (inbound mail to the list has to be signed with a key that has a certain level of trust in order to be published)
- pgp-aware command system. (eg optionally only accept admin mail commands from signature-verified mail admins)
Features 1.-5. are essential.
Thoughts on Implementation: pygpgme could be used for encryption which might easily enable S/MIME as well. Keys could be stored in the filesystem or in databases using SQLAlchemy. The encryption step could be implemented as a pipeline.
Encrypted lists in mailman would be great, I think I can implement the plugin myself but I will need help to ensure the reliability and security of the plugin.
What are your thoughts on pgp in Mailman 3?
Is this a suitable Project for the Google Summer of Code 2016?
I think so.
Would anyone be interested in becoming my mentor for this project?
I can, depending on your application.
Thank you, Jonas
Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/raj.abhilash1%40g...
Security Policy: http://wiki.list.org/x/QIA9
-- thanks, Abhilash Raj