[Mailman-Developers] [GSoC] Encrypted mailing lists - update v12
johny at neuromancer.sk
Wed Aug 9 12:56:03 EDT 2017

Web UI integration

This post is about my current plans on how to implement the web UI part
of PGP enabled Mailman. It strives to integrate into the Mailman Suite
and use its features to the maximum possible degree.

General idea: Refactor general stuff to django-mailman3, to allow apps
to hook up together in Mailman Suite easily, and then use that to hook

Show PGP enabled public lists, with their key fingerprints, with the
option to download their public keys, also show some of their
configuration (so that subscribers can see that for example if they send
a cleartext message to a list that requires encrypted messages, it will

Enable list owner to configure the PGP related per-list configuration

Enable list owner to set/see the list key (private part). This is quite
questionable and will have a site-level option to be turned off (the
REST API will then not serve the list private key).

The same level of user key management as the `key` command allows, with
similar steps during key change/revocation.

Another django app is installed in the same project as Postorius +
HyperKitty, django-pgpmailman. This app provides a list of PGP enabled
mailing lists and their PGP related management in a similar way
Postorius does, also user key management.

There are a few places where Postorius refers to HyperKitty and vice
versa, for adding the appropriate links/icons to the navbar as well as
for the user menu entries. These references will be refactored to some
mechanism in django-mailman3, which will allow any installed django app
to add its entry to the navbar or the user menu. This will allow
django-pgpmailman to hook up rather easily, without any direct
references to it from Postorius/HyperKitty/django-mailman3.

The archiving web UI is a tougher nut to crack. I either have to develop
a custom PGP mail archive frontend and integrate it similar to the PGP
list management app, or integrate with HyperKitty transparently, so that
archives are received encrypted, stored encrypted, and yet served to
subscribers in clear. Developing a custom app is quite unrealistic and
it would lack most HyperKitty functions.

However hooking up an encrypted message store to HyperKitty is also
non-trivial, as HyperKitty is strongly tied with storing messages in
its database and using a django Model to represent a message.

I currently have no realistic ideas; one that comes to mind is to
create a custom django database backend that somehow stores everything
encrypted, but that's a very unwieldy solution that likely won't work well.

Fixed many little issues with the PGP plugin and PGPy. Got it to work
quite nicely, below you can see a message received by a subscriber, by a
PGP enabled discussion list, encrypted to his key, as shown by
Thunderbird with the EnigMail plugin:

Also finally merged the finished `key revoke` command to mailman-pgp/master.

/\ # PGP: 362056ADA8F2F4E421565EF87F4A448FE68F329D
/__\ # https://neuromancer.sk
/\ /\ # Eastern Seaboard Phishing Authority
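
The site-level option mentioned in the post (the REST API not serving the list private key when it is turned off) can be sketched as a fail-closed gate. This is an added example, not code from the post or from mailman-pgp; every class, function, field and setting name in it is hypothetical, and the key data is constructed.

```python
from dataclasses import dataclass

# All names below are hypothetical; none are mailman-pgp settings or endpoints.

@dataclass(frozen=True)
class SiteConfig:
    # Fail closed: private key export stays off unless the site admin enables it.
    allow_private_key_export: bool = False

@dataclass(frozen=True)
class ListKey:
    list_id: str
    fingerprint: str
    public_armored: str
    private_armored: str

class KeyExportDenied(Exception):
    """Raised instead of returning a partial resource, so callers cannot ignore it."""

# Constructed sample data, not a real key or fingerprint.
SAMPLE_KEY = ListKey("devs.example.com", "0" * 40,
                     "<constructed public key>", "<constructed private key>")

def public_key_resource(key):
    """View for any visitor: fingerprint and public key, never private material."""
    return {"list_id": key.list_id, "key_fingerprint": key.fingerprint,
            "public_key": key.public_armored}

def private_key_resource(key, site, roles, audit):
    """Return the private key only if the site allows export AND the caller is an owner."""
    if not site.allow_private_key_export:
        audit.append(("denied-site-policy", key.list_id))
        raise KeyExportDenied("private key export is disabled site-wide")
    if "owner" not in roles:
        audit.append(("denied-not-owner", key.list_id))
        raise KeyExportDenied("only list owners may read the list private key")
    audit.append(("exported", key.list_id))  # every successful export leaves a record
    return {**public_key_resource(key), "private_key": key.private_armored}
```

The site policy is checked before the role, so with the option off an owner and a non-owner get the same refusal.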