[Mailman-Developers] GSOC Project idea: OpenPGP integration

Abhilash Raj raj.abhilash1 at gmail.com
Wed Apr 10 03:30:00 CEST 2013 

On Sun, Apr 7, 2013 at 7:46 PM, Stephen J. Turnbull <stephen at xemacs.org>wrote:

> Abhilash Raj writes:
>
>  > Well what i want to make it is that whenever a user sends a mail to the
>  > list it should be singed with his private key so that it can be verified
>  > against his public that he uploads if he wants permissions to post in
> the
>  > list.
>
> You mean that the user should sign it himself (or with the help of his
> mail client), is that correct?

Yes, the user should sign it himself. I am not sure about how it would be
done though.

>
>  > As the message is received by mailman its signature is verified and
>  > then its encrypted and sent to each person, wherein those who
>  > haven't uploaded their key will also receive an unencrypted
>  > copy(with a probability that it may not be intended for them or not
>  > authentic mail).
>
> I don't understand the use case for having both encrypted and
> unencrypted copies distributed.  Is the encryption intended to be
> merely authentication?  But what Mailman has is by definition the
> subscriber's public key; anybody might have that.  It *could* be kept
> secret, but I think that's not so easy to prove.
>
> I would have imagined that maybe Mailman would resign using its own
> private key, to authenticate the list, and testify that it had
> authenticated the sender.
>
> I also don't understand what you mean by "not authentic mail".  The
> original signature proves it authentic.  The subscribers may
> not have the appropriate to key to verify, but in that case I don't
> see why they would want to delegate it to Mailman.
>
> I think you have a difficult task in merely specifying what you want
> this system to do.  That's likely to be a couple orders of magnitude
> harder than the implementation!
>
>  > Yes, this was on the top of my mind while trying to attempt this
>  > project. I learned about key-servers. I think we could setup one
>  > wherein all the public key would be stored that are uploaded by
>  > users and retrieved when needed.
>
> But who watches the watcher?  That is, what does the keyserver need to
> know about the key's owner, and how does the candidate subscriber
> prove it to the keyserver?
>
> I think there are lots of use cases for integrating mailing list
> managers into the public key infrastructure, but you need to be
> careful to specify them.  I think you probably should start with
> simple use cases, like proving subscriber identity to the mailing list
> manager, eg for anti-spam purposes.[1]
>
>
I gave a thought and yes some parts of it doesn't actually makes sense.
Instead for proving a subscribers identity to a list manager we could add
add a setting to accept messages only from registered signatures. Each
subscriber add his public key when he subscribes to the list( or when
settings are changed to accept mails with only registered signature). This
could also help in spam reduction as only mails with registered users(with
registered keys) would be distributed among the list subscribers.

Can you please point me in some direction to learn about the various
possible ways to sign a mail and/or encrypt it.

Also i think adding the key as a new column against the email in the list
of subscriber would do the work.

I haven't worked with postorius but i have experience with django so i
think some ui can also be added in postorius to manage this although this
is just and idea which i think i can expand in a few days as I am working
on postorius.


> Footnotes:
> [1]  Even that is not a sure winner, since most users will not know
> how to do this for themselves.  So it will have to be integrated into
> clients, which themselves might be infected by a virus.
>
>


-- 
Abhilash Raj

More information about the Mailman-Developers mailing list