[Mailman-Developers] opportunistically encrypted mailman lists with Autocrypt

holger holger at merlinux.eu
Wed Jan 31 15:03:02 EST 2018

Hi Jan,

On Wed, Jan 31, 2018 at 19:00 +0100, Jan Jancar wrote:
> >> If you would like to use a Python OpenPGP implementation you could look
> >> at [PGPy] and how I used it in mailman-pgp.
> > 
> > It's under consideration here: https://github.com/hpk42/muacrypt/issues/32
> > Are your experiences with pgpy indicating it's compatible with
> > enigmail and k9-mail? (see the questions on that issue)
> PGPy is a quite complete OpenPGP(RFC4880) implementation, its support
> table shows that:
> https://pgpy.readthedocs.io/en/latest/progress.html
> The unsupported packets are very rarely used nowadays and are only
> really produced by very old PGP clients, afaik. PGPy also has a quite
> extensive test suite that works with gpg internally.
> I suggest you look at PGPy issue tracker to see what it lacks currently,
> the most painful issue I think is the missing support for writing
> partial length packets. It can read them just well but not output them.

Good to know! I added the links to the muacrypt issue i linked above. 
dkg and vincent (from k-9 mail) tell me write support of partial 
length header is not needed for e-mails, so that's good
because i'd like muacrypt, my in-progress autocrypt implementation,
to work with pgpy sometime (https://github.com/hpk42/muacrypt/issues/32 )

> >>> - No special interface is needed on the mailing list web page
> >>>   maybe except from enabling/disabling the plugin/support. 
> >>
> >> Plugin configuration is done through the Mailman configuration and those
> >> are read-only through the REST interface. However a plugin might supply
> >> it's own REST endpoints for example for per-list setup/configuration.
> > 
> > I guess read-only REST would allow for a command line interface for 
> > debugging or other low-level configuration wrt to autocrypt key
> > status for peers.  Can a plugin add per-list configuration 
> > options (enable/disable, maybe a choice between 2-3 policies?)
> Yes definitely, the configuration will be handled completely inside the
> pkugin. I'm thinking along the lines of:
>  - Expose a custom REST endpoint for per-list Autocrypt configuration,
> that can be read-write, however is only protected by one global REST
> user-password pair. That will be accessed by an Autocrypt Django app,
> similarly to how I implemented configuration for mailman-pgp in
> [django-pgpmailman]. That app can be then run alongside Postorius and
> HyperKitty which provide Mailman's configuration and archives. So this
> gives list admins a simple web UI for per-list Autocrypt configuration.
>  - Provide a CLI command component which can manage the per-list
> Autocrypt configuration of the Mailman instance locally.

sounds good.  Is it also possible to hook into the standard mm3 configuration,
for adding a per-list configuration item that can then be processed by 
plugin code? 


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 474 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-developers/attachments/20180131/d3729516/attachment-0001.sig>

More information about the Mailman-Developers mailing list