Hi, I saw the idea to create various kinds of encrypted lists, Could you elaborate the following: 1)The amount of knowledge of security (and if possible the sources to achieve the same) 2)The development environment (what else is required apart from linux) 3)Any other task for me to strengthen my application(I would try fixing bugs on my level though)
Thank-you.
Hi Bhavishya,
On 03/05/2017 11:24 AM, Bhavishya wrote:
Hi, I saw the idea to create various kinds of encrypted lists, Could you elaborate the following: 1)The amount of knowledge of security (and if possible the sources to achieve the same)
Since we are going to work on the idea of encrypted lists, you are expected to be aware about the basic types of encryption, their purpose and which would be suitable for this case. Usually, we use public-key cryptography for signing/encrypting emails.
You may want to read up a bit on how and what would "encrypted lists" actually mean. There was a pretty good discussion for Google Summer of Code 2013 on the same topic and I believe it might be helpful for you get started (You can search the archives for this list and if possible filter with my name as sender to find the threads).
2)The development environment (what else is required apart from linux)
Mostly just Linux and python are what we use for development.
3)Any other task for me to strengthen my application(I would try fixing bugs on my level though)
A bug fix is needed for you to complete your application, so that is a must. Apart from that, we want you to have some idea about what this project is actually about. We (the mentors) would then chime in with the details and reviews and all our help for your application.
Thank-you.
Thank you!
Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/raj.abhilash1%40g...
Security Policy: http://wiki.list.org/x/QIA9
-- thanks, Abhilash Raj
Hi,
Apart from what Abhilash wrote, I have a few ;-) additional comments.
Bhavishya writes:
Hi, I saw the idea to create various kinds of encrypted lists, Could you elaborate the following: 1)The amount of knowledge of security (and if possible the sources to achieve the same)
You need to understand what a "threat model" is, and the structure of a mailing list as a system to know what threats can be defended against, and to decide which threats to defend against. You need to understand how mailing lists and the mail system work in some detail, and what the use cases for encrypted lists might be. For self-study, you could start with Bruce Schneier's blog, especially his famous post on "the security mindset", and with Steve Bellovin's book, _Thinking Security_. Bellovin's book has many references. The core mail security RFCs are enumerated below.
The code for various encryption algorithms is already available in the standard library (OpenSSL, for example, although a lot of people deprecate it) and in 3rd-party libraries on PyPI. Writing encryption modules is not part of this task.
2)The development environment (what else is required apart from linux)
Python 2.7, Python 3.5 (both 2.7 and 3.5 are currently *required*), plus Python 3.6 if you're adventurous (GNU Mailman 3 doesn't officially support Python 3.6 yet), modules from PyPI as-needed. Your Python(s) must be built to support OpenSSL, or some other source of implementations for encryption algorithms. git. The Mailman Suite (the subprojects mailman, mailmanclient, django-mailman3, postorius, hyperkitty, mailman-hyperkitty) from http://gitlab.com/mailman. (Dependencies for the suite will be installed automatically by the setup.py for each component.) An MTA, either Postfix (most popular among Mailman core developers) or Exim4 (supported). Sendmail and Qmail may be usable but are not advised unless you can provide support for them yourself -- there is ZERO support in Mailman 3 itself. It may not be very hard to support a new MTA (it took me 10 minutes to configure Exim4 and 30 to write the docs), but you won't get much help from us. Why risk it? It would be nice if you have a test domain where you can install Mailman on the standard SMTP port 25 or submission port 587, but testing on localhost is acceptable.
3)Any other task for me to strengthen my application(I would try fixing bugs on my level though)
Get an account on gitlab. Read the FAQ for Mailman 2, the archives for mailman-users, mailman-developers, and mailman3-users to get some idea of the level and needs of our users. Subscribe to those lists.
Take a look at RFCs 5321 (SMTP), 5322 (Internet Message Format), 4949 (security glossary), and 5598 (email architecture). Bookmark them and RFCs 2045 (MIME), 2046 (MIME), 2387 (multipart/related), 2015 (MIME/PGP), 3156 (MIME/OpenPGP), 5751 (S/MIME), and 5752 (multiple signatures).
I recommend reading all the way through RFC 4949, as a complement to Schneier's blog and Bellovin's book (or similar). RFC 5598 is very important, as it is fundamental to understanding the threat models involved in email and indirect flows including mailing lists. Read the abstracts and introductions to RFCs 5321 and 5322, as understanding the basic concepts of email are going to be very important. For the rest just bookmarking is fine. We would eventually be referring to them in the implementation most likely, but you don't need to be totally familiar for the application.
Steve
On Mar 06, 2017, at 07:11 PM, Stephen J. Turnbull wrote:
Python 2.7, Python 3.5 (both 2.7 and 3.5 are currently *required*), plus Python 3.6 if you're adventurous (GNU Mailman 3 doesn't officially support Python 3.6 yet)
Note that 3.4 is also an officially supported version for core. Mailman 3.1 will -and current core git HEAD does- officially support 3.6.
Cheers, -Barry
Barry Warsaw writes:
Note that 3.4 is also an officially supported version for core.
Yes. Let me clarify that I was referring to what the mentor (me ;-) is willing to support for this GSoC project (in the interest of minimizing the motion of the target platform for the intern; that's also why I specify OpenSSL[1] for algorithm support).
Footnotes: [1] Which Cory and Christian and Donald use as a punching bag on python-dev and Twitter.
On Mar 07, 2017, at 06:29 PM, Stephen J. Turnbull wrote:
Barry Warsaw writes:
Note that 3.4 is also an officially supported version for core.
Yes. Let me clarify that I was referring to what the mentor (me ;-) is willing to support for this GSoC project (in the interest of minimizing the motion of the target platform for the intern; that's also why I specify OpenSSL[1] for algorithm support).
Fair enough! :)
-Barry
Hi everyone, My name is Sagar Kohli. I am a sophomore from IIT Guwahati. I have recently gotten involved with the mailman project, and gained familiarity with postorius and mailman core. I want to work on the project "Encrypted lists". After going through the previous posts, I have begun reading about encryption and RFC a bit. After getting familiar with these topics i would like to discuss the project with the mentors. Thanks.
Sagar Kohli.
Mailman-Developers mailing list Mailman-Developers@python.org https://mail.python.org/mailman/listinfo/mailman-developers Mailman FAQ: http://wiki.list.org/x/AgA3 Searchable Archives: http://www.mail-archive.com/ma ilman-developers%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/k ohli.sagar2%40gmail.com
Security Policy: http://wiki.list.org/x/QIA9
participants (5)
-
Abhilash -
Barry Warsaw -
Bhavishya -
sagar kohli -
Stephen J. Turnbull