Hi all, I'm currently working on my GSoC proposal for the GNU Mailman project, which aims to implement encrypted mailing lists. I noticed that Tor project uses Mailman and has a few private lists as well. I think that Tor project's private lists might be a great example that could use such encrypted lists.
What requirements would Tor project have of such encrypted mailing list? This would help me better understand potential uses of encrypted mailing lists in a real environment.
My proposal uses PGP/MIME. A short description follows:
It establishes a list keypair which subscribers use to encrypt their messages with. A user needs to present a PGP public key on subscription which will be later used to encrypt messages from the list. List owner moderates the list and accepts users subscription. User has to prove ownership of the key by signing a confirmation token. Subscriber then sends messages encrypted with list key and signed with the one he subscribed with. He receives messages encrypted to his key and signed by the original author as well as the list itself. Commands will require signature and confirmation too.
A more detailed proposal can be found in the links below.
-Jan
-----
[Project idea]: https://wiki.list.org/DEV/Google%20Summer%20of%20Code%202017#Encrypted_Lists... [Proposal draft (site)]: https://neuromancer.sk/page/gsoc/mailman [Proposal draft (PDF)]: https://neuromancer.sk/static/mailman.pdf
Hi Jan,
On 22 Mar 2017, at 01:40, johny johny@neuromancer.sk wrote:
Hi all, I'm currently working on my GSoC proposal for the GNU Mailman project, which aims to implement encrypted mailing lists. I noticed that Tor project uses Mailman and has a few private lists as well. I think that Tor project's private lists might be a great example that could use such encrypted lists.
This sounds like a great proposal, but we've just implemented Schleuder.
Can you tell us how this would be different from Schleuder?
I've CC'd Silvia, who did the implementation, and might be able to provide a more detailed response.
What requirements would Tor project have of such encrypted mailing list? This would help me better understand potential uses of encrypted mailing lists in a real environment.
My proposal uses PGP/MIME. A short description follows:
It establishes a list keypair which subscribers use to encrypt their messages with. A user needs to present a PGP public key on subscription which will be later used to encrypt messages from the list. List owner moderates the list and accepts users subscription. User has to prove ownership of the key by signing a confirmation token. Subscriber then sends messages encrypted with list key and signed with the one he subscribed with. He receives messages encrypted to his key and signed by the original author as well as the list itself. Commands will require signature and confirmation too.
A more detailed proposal can be found in the links below.
-Jan
(Please don't put lines of dashes in the middle of your email. Some people use broken mail clients that cut off any text after a line of dashes.)
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org ------------------------------------------------------------------------
Hi Jan
Thanks for your proposal. As teor mentioned, at the moment we are just finished implementing Schleuder (https://0xacab.org/schleuder/schleuder). Schleuder is a mailing list manager using GPG/PGP that supports resending. It hooks with postfix and basically acts as a man in the middle. This means that if you want to send an encrypted email to all the subscribers of the mailing list you setup a Schleuder list, encrypt with the key of the list, and Schleuder will take care to decrypt and encrypt a message for each and everyone of the participants with their keys.
At the moment we do not have any features request for Schleuder that we would like to implement. Maybe you would like to have a look at all our other projects (https://www.torproject.org/getinvolved/volunteer.html.en) and find something that you might think it is interesting?
Let us known if we can help you in any ways on picking something that you like.
Talk soon,
-silvia [hiro]
On 24/03/17 09:10, teor wrote:
Hi Jan,
On 22 Mar 2017, at 01:40, johny johny@neuromancer.sk wrote:
Hi all, I'm currently working on my GSoC proposal for the GNU Mailman project, which aims to implement encrypted mailing lists. I noticed that Tor project uses Mailman and has a few private lists as well. I think that Tor project's private lists might be a great example that could use such encrypted lists.
This sounds like a great proposal, but we've just implemented Schleuder.
Can you tell us how this would be different from Schleuder?
I've CC'd Silvia, who did the implementation, and might be able to provide a more detailed response.
What requirements would Tor project have of such encrypted mailing list? This would help me better understand potential uses of encrypted mailing lists in a real environment.
My proposal uses PGP/MIME. A short description follows:
It establishes a list keypair which subscribers use to encrypt their messages with. A user needs to present a PGP public key on subscription which will be later used to encrypt messages from the list. List owner moderates the list and accepts users subscription. User has to prove ownership of the key by signing a confirmation token. Subscriber then sends messages encrypted with list key and signed with the one he subscribed with. He receives messages encrypted to his key and signed by the original author as well as the list itself. Commands will require signature and confirmation too.
A more detailed proposal can be found in the links below.
-Jan
(Please don't put lines of dashes in the middle of your email. Some people use broken mail clients that cut off any text after a line of dashes.)
T
-- Tim Wilson-Brown (teor)
teor2345 at gmail dot com PGP C855 6CED 5D90 A0C5 29F6 4D43 450C BA7F 968F 094B ricochet:ekmygaiu4rzgsk6n xmpp: teor at torproject dot org
On 03/24/2017 06:52 PM, Silvia [Hiro] wrote:
Hi Jan
Thanks for your proposal. As teor mentioned, at the moment we are just finished implementing Schleuder (https://0xacab.org/schleuder/schleuder). Schleuder is a mailing list manager using GPG/PGP that supports resending. It hooks with postfix and basically acts as a man in the middle. This means that if you want to send an encrypted email to all the subscribers of the mailing list you setup a Schleuder list, encrypt with the key of the list, and Schleuder will take care to decrypt and encrypt a message for each and everyone of the participants with their keys.
At the moment we do not have any features request for Schleuder that we would like to implement. Maybe you would like to have a look at all our other projects (https://www.torproject.org/getinvolved/volunteer.html.en) and find something that you might think it is interesting?
I think there was a bit of a misunderstanding here, GNU Mailman takes part in this year's GSoC through Python Software Foundation and their (only) project idea is: Encrypted mailing lists. I was asking on this mailing list mainly because I think Tor project's mailing list use kind of fits what I'm designing and having feedback from current users of encrypted mailing lists helps.
What I'm proposing for Mailman is quite similar to Schleuder. For main differences see my reply to teor. Since you said you don't have feature requests for Schleuder a similar implementation in Mailman should work for similar use cases. Thanks!
-Jan
On 03/24/2017 09:10 AM, teor wrote:
Hi Jan,
On 22 Mar 2017, at 01:40, johny johny@neuromancer.sk wrote:
Hi all, I'm currently working on my GSoC proposal for the GNU Mailman project, which aims to implement encrypted mailing lists. I noticed that Tor project uses Mailman and has a few private lists as well. I think that Tor project's private lists might be a great example that could use such encrypted lists.
This sounds like a great proposal, but we've just implemented Schleuder.
Can you tell us how this would be different from Schleuder?
It is indeed a very similar design, with some differences, my Mailman's encrypted list implementation will: 1) be integrated into Mailman 3. Which means all features of a regular Mailman mailing list will be supported. (with some changes to work with an encrypted mailing list) 2) keep the original sender's signature when resending to subscribers, which means a bit less trust in the server is necessary when the subscribers trust each other's keys. (AFAIK, Schleuder strips the signature and adds a header saying it was valid/not) 3) offer a bit more integration with the PGP web-of-trust model. Where subscribers and mainly the list owner can sign the list key and send it back to the mailing list server, which will from that point on send this key with the new signature.
(Please don't put lines of dashes in the middle of your email. Some people use broken mail clients that cut off any text after a line of dashes.)
Sorry about that, will do, or rather won't do that anymore :)
-Jan
tor-project@lists.torproject.org