[Mailman-Users] Re: OpenPGP and S/MIME aware Mailman

2021-02-14 Thread Dennis Putnam

Hi Sam,

On 2/13/2021 3:18 PM, Sam Kuper wrote:

> On Fri, Feb 12, 2021 at 10:11:20AM -0500, Dennis Putnam wrote:
> 
>> If I need a secure mailman list, is there another alternative?
> 
> You may want to give some thought to, and to then specify in a follow-up
> in this thread, what you mean by "secure" in this context.
> 
> For example, you might want security properties such as:
> 
> - Every message sent to the list can be authenticated by its recipients.
> 
> - Every message sent to the list is robustly encrypted to prevent its
>   being readable by non-members.
> 
> - For the property/ies above to be immune to rogue CAs.
> 
> - Some combination of the above.
> 
> It may be helpful to ask yourself: what is your threat model?
> 
> Also, which key distribution mechanisms are available to you?  (For
> instance: are the list members able to meet in person for key exchange?)

I'm looking to decrypt incoming email from subscribers and encrypt 
outgoing to each. The threat model is to not have any email into or out 
of the mailing list to be intercepted/monitored.


--
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/


[Mailman-Users] Re: OpenPGP and S/MIME aware Mailman

2021-02-14 Thread Sam Kuper
On Sun, Feb 14, 2021 at 10:58:01AM -0500, Dennis Putnam wrote:
> I'm looking to decrypt incoming email from subscribers and encrypt
> outgoing to each. The threat model is to not have any email into or
> out of the mailing list to be intercepted/monitored.

The two sentences imply different requirements.

Even if you satisfy the requirements in the first sentence, any attacker
on the wire will be able to capture ("monitor") the emails; and the
headers will be in plain-text (including the Subject header, sender, and
recipients), even if the body and attachments are encrypted:
https://ssd.eff.org/en/module/why-metadata-matters

Also, if the attacker has compromised the CA, then they will potentially
be able to decrypt S/MIME messages (but not OpenPGP messages, if the
encryption and key generation were well-implemented[1]).

If you really want to satisfy the requirements in the second sentence,
then you might want to look at DIME (aka Darkmail), mixers, or
alternatives to email:

- https://en.wikipedia.org/wiki/Dark_Mail_Alliance

- https://en.wikipedia.org/wiki/Mix_networks

- https://en.wikipedia.org/wiki/Anonymous_remailers

- https://en.wikipedia.org/wiki/Tutanota

- https://en.wikipedia.org/wiki/ProtonMail

- https://en.wikipedia.org/wiki/Category:Internet_privacy_software

[1] At least, not unless affordable quantum computing is available to
the attacker.  If it is, then you would also need to use a
quantum-resistant cipher.  Unfortunately, doing that is still very
inconvenient using GnuPG or similar.

-- 
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.


[Mailman-Users] Re: Subject field not included in wrapper of DMARC emails

2021-02-14 Thread Mark Sapiro
On 2/13/21 10:44 PM, Sam Kuper wrote:
> 
> Most of the mail on that list comes through just fine.
> 
> DMARC email comes through with the Subject: field blank, though.
> 
> Is that expected?


Thank you for reporting this. It is a bug. It turns out that the logic
for determining the headers in the wrapper does not include Subject: in
the case where the list has no subject_prefix.

This is now reported at 

Although I know you don't control the list, here's the patch I will
commit after testing
```
> === modified file 'Mailman/Handlers/WrapMessage.py'
> --- Mailman/Handlers/WrapMessage.py   2018-06-17 23:47:34 +
> +++ Mailman/Handlers/WrapMessage.py   2021-02-14 18:20:24 +
> @@ -63,13 +63,17 @@
>  # make a copy of the msg, then delete almost everything and set/copy
>  # what we want.
>  omsg = copy.deepcopy(msg)
> +# If CookHeaders didn't change the Subject: we need to keep it too.
> +if 'subject' not in [key.lower() for key in
> + msgdata.get('add_header', {}).keys()]:
> +KEEPERS.append('subject')
>  for key in msg.keys():
>  if key.lower() not in KEEPERS:
>  del msg[key]
>  msg['MIME-Version'] = '1.0'
>  msg['Message-ID'] = Utils.unique_message_id(mlist)
>  # Add the headers from CookHeaders.
> -for k, v in msgdata['add_header'].items():
> +for k, v in msgdata.get('add_header', {}).items():
>  msg[k] = v
>  # Are we including dmarc_wrapped_message_text?  I.e., do we have text and
>  # are we wrapping because of dmarc_moderation_action?
```
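Review bot: `KEEPERS.append('subject')` in the first added block mutates the module-level list, so once one post from a list with no subject_prefix has been wrapped, 'subject' stays in KEEPERS for every later post handled by that process. A later post for a list that does have a prefix then keeps its original Subject: and also gets the cooked Subject: appended from add_header (`msg[k] = v` appends, it does not replace), so that wrapper goes out with two Subject: headers. Decide per message on a private copy instead: `keepers = list(KEEPERS)` before the check, `keepers.append('subject')`, and `if key.lower() not in keepers:` in the loop.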
Perhaps you can convince the admins of the Mailman site to apply the
patch or add a subject_prefix to the list, either of which will avoid
the issue.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


[Mailman-Users] Re: Subject field not included in wrapper of DMARC emails

2021-02-14 Thread Mark Sapiro
On 2/14/21 10:34 AM, Mark Sapiro wrote:
> 
> Thank you for reporting this. It is a bug. It turns out that the logic
> for determining the headers in the wrapper does not include Subject: in
> the case where the list has no subject_prefix.
> 
> This is now reported at 
> 
> Although I know you don't control the list, here's the patch I will
> commit after testing


Just for the record, that patch had issues. Here's the patch that will
be committed:
```
> === modified file 'Mailman/Handlers/WrapMessage.py'
> --- Mailman/Handlers/WrapMessage.py   2018-06-17 23:47:34 +
> +++ Mailman/Handlers/WrapMessage.py   2021-02-14 19:51:07 +
> @@ -63,13 +63,19 @@
>  # make a copy of the msg, then delete almost everything and set/copy
>  # what we want.
>  omsg = copy.deepcopy(msg)
> +# If CookHeaders didn't change the Subject: we need to keep it too.
> +# Get a fresh list.
> +keepers = list(KEEPERS)
> +if 'subject' not in [key.lower() for key in
> + msgdata.get('add_header', {}).keys()]:
> +keepers.append('subject')
>  for key in msg.keys():
> -if key.lower() not in KEEPERS:
> +if key.lower() not in keepers:
>  del msg[key]
>  msg['MIME-Version'] = '1.0'
>  msg['Message-ID'] = Utils.unique_message_id(mlist)
>  # Add the headers from CookHeaders.
> -for k, v in msgdata['add_header'].items():
> +for k, v in msgdata.get('add_header', {}).items():
>  msg[k] = v
>  # Are we including dmarc_wrapped_message_text?  I.e., do we have text and
>  # are we wrapping because of dmarc_moderation_action?
> 
```
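Review bot: the per-call `keepers = list(KEEPERS)` removes the process-wide leak the first version had, and the comparison stays consistent because 'subject' is appended in lower case, matching the existing `key.lower() not in keepers` test. What the change still lacks is a regression test that wraps a post for a list with an empty subject_prefix and then one for a list with a prefix set, asserting exactly one Subject: on each wrapper (that is the sequence the first version got wrong), plus a changelog entry, since this alters which headers the DMARC wrapper emits for lists without a prefix. Minor style point: `if not any(k.lower() == 'subject' for k in msgdata.get('add_header', {})):` avoids building a throwaway list just for the membership test.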


-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
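The header handling that the two patches above correct, written out as an added example that is not Mailman's code and not part of the thread. It models the DMARC wrap step: the original post is nested as message/rfc822 inside a new outer message that carries only an allow-list of the original headers plus whatever CookHeaders stashed in msgdata['add_header']. The allow-list contents (BASE_KEEPERS) and the CookHeaders stand-in (cook_headers) are assumptions made for this example; wrap_shared_list has the shape of the first patch and wrap_fresh_list the shape of the committed one.

```python
"""Added example, not Mailman's code: a model of the DMARC "wrap message"
step, where the original post is nested as message/rfc822 inside a new
outer message carrying only an allow-list of the original headers plus
whatever CookHeaders stashed in msgdata['add_header']. The allow-list and
the CookHeaders stand-in below are assumptions made for this example."""
import copy
import email
from email.message import Message
from email.utils import make_msgid

# Assumed allow-list, lower-cased because membership is tested on key.lower().
# Mailman's real KEEPERS is not reproduced here.
BASE_KEEPERS = ('date', 'to', 'cc', 'list-id', 'list-post', 'list-unsubscribe')
KEEPERS = list(BASE_KEEPERS)


def cook_headers(msg, list_addr, subject_prefix):
    """Stand-in for the part of CookHeaders that matters when wrapping: the
    rewritten headers go into add_header rather than onto msg, and Subject:
    is only touched when the list has a subject_prefix, so a list without
    one never puts Subject: into add_header (the situation in the bug report)."""
    add_header = {'From': '%s via %s' % (msg['From'], list_addr)}
    if subject_prefix:
        add_header['Subject'] = '%s %s' % (subject_prefix, msg['Subject'])
    return add_header


def wrap(msg, add_header, keepers):
    """Build the outer wrapper, copying only allow-listed headers from msg."""
    inner = copy.deepcopy(msg)
    outer = Message()
    for key, value in msg.items():
        if key.lower() in keepers:
            outer[key] = value
    outer['Message-ID'] = make_msgid(domain='lists.example')
    # Message.__setitem__ appends and never replaces: a kept Subject: plus a
    # cooked Subject: from add_header means two Subject: headers go out.
    for key, value in add_header.items():
        outer[key] = value
    outer.set_type('message/rfc822')   # also sets MIME-Version: 1.0
    outer.set_payload([inner])
    return outer


def wrap_shared_list(msg, add_header):
    """Shape of the first patch: appends to the module-level list, so
    'subject' leaks into every later call in the same process."""
    if 'subject' not in [k.lower() for k in add_header]:
        KEEPERS.append('subject')
    return wrap(msg, add_header, KEEPERS)


def wrap_fresh_list(msg, add_header):
    """Shape of the committed patch: decide per message on a private copy."""
    keepers = list(KEEPERS)
    if 'subject' not in [k.lower() for k in add_header]:
        keepers.append('subject')
    return wrap(msg, add_header, keepers)


# Constructed sample post; not a real message.
SAMPLE = """\
From: alice@example.org
To: talk@lists.example
Date: Sun, 14 Feb 2021 10:00:00 +0000
Subject: Key rotation schedule
Message-ID: <orig-1@example.org>
X-Mailer: constructed-for-example

Body text.
"""


def wrap_sample(wrapper_func, subject_prefix='', list_addr='talk@lists.example'):
    """Parse the sample post and wrap it as a list with the given prefix would."""
    post = email.message_from_string(SAMPLE)
    return wrapper_func(post, cook_headers(post, list_addr, subject_prefix))


def subjects_after_two_posts(wrapper_func):
    """Wrap a post for a list with no subject_prefix, then one for a list with
    a prefix, in one process; return the Subject: values on each wrapper."""
    KEEPERS[:] = BASE_KEEPERS           # start from pristine module state
    return [wrap_sample(wrapper_func, prefix).get_all('Subject', [])
            for prefix in ('', '[talk]')]


if __name__ == '__main__':
    print('fresh list :', subjects_after_two_posts(wrap_fresh_list))
    print('shared list:', subjects_after_two_posts(wrap_shared_list))
```

Running it shows the difference between the two patches: with the per-call copy each wrapper carries exactly one Subject:, while with the shared list the second wrapper (a list with a prefix, handled after a list without one) carries both the original Subject: and the prefixed one.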


[Mailman-Users] Re: OpenPGP and S/MIME aware Mailman

2021-02-14 Thread Dennis Putnam

Hi Sam,

On 2/14/2021 11:26 AM, Sam Kuper wrote:

> On Sun, Feb 14, 2021 at 10:58:01AM -0500, Dennis Putnam wrote:
> 
>> I'm looking to decrypt incoming email from subscribers and encrypt
>> outgoing to each. The threat model is to not have any email into or
>> out of the mailing list to be intercepted/monitored.
> 
> The two sentences imply different requirements.
> 
> Even if you satisfy the requirements in the first sentence, any attacker
> on the wire will be able to capture ("monitor") the emails; and the
> headers will be in plain-text (including the Subject header, sender, and
> recipients), even if the body and attachments are encrypted:
> https://ssd.eff.org/en/module/why-metadata-matters
> 
> Also, if the attacker has compromised the CA, then they will potentially
> be able to decrypt S/MIME messages (but not OpenPGP messages, if the
> encryption and key generation were well-implemented[1]).
> 
> If you really want to satisfy the requirements in the second sentence,
> then you might want to look at DIME (aka Darkmail), mixers, or
> alternatives to email:
> 
> - https://en.wikipedia.org/wiki/Dark_Mail_Alliance
> 
> - https://en.wikipedia.org/wiki/Mix_networks
> 
> - https://en.wikipedia.org/wiki/Anonymous_remailers
> 
> - https://en.wikipedia.org/wiki/Tutanota
> 
> - https://en.wikipedia.org/wiki/ProtonMail
> 
> - https://en.wikipedia.org/wiki/Category:Internet_privacy_software
> 
> [1] At least, not unless affordable quantum computing is available to
> the attacker.  If it is, then you would also need to use a
> quantum-resistant cipher.  Unfortunately, doing that is still very
> inconvenient using GnuPG or similar.

Thanks for the info. It is not the headers that I care about but rather 
the email content. I also would not care about S/MIME as all my 
subscribers will be GPG. I thought that was essentially what the obsolete 
code did. I was considering taking that plug-in and modifying it to at 
least work with GPG and mailman 2.1.36.




[Mailman-Users] Re: OpenPGP and S/MIME aware Mailman

2021-02-14 Thread Grant Taylor via Mailman-Users

On 2/14/21 3:02 PM, Dennis Putnam wrote:
I was considering taking that plug-in and modifying it to at least work 
with GPG and mailman 2.1.36.


You might look to see if you can move the problem to the MTA level. 
E.g. have the MTA, or something like a milter on its behalf, encrypt 
outgoing messages.


You can probably have something decrypt the messages between the MTA and 
Mailman.


Something like this would allow you to use a stock Mailman.



--
Grant. . . .
unix || die



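The outgoing half of the MTA-side arrangement Grant sketches, written as an added example that is not from the thread and not Mailman's or GnuPG's code: a filter sitting between a stock Mailman and the MTA that takes a cleartext list post and turns it into a PGP/MIME (RFC 3156) message encrypted to one subscriber's key by calling gpg. It also makes Sam's earlier point concrete: only the MIME body goes into the ciphertext, while From, To, Subject and the List-* headers stay readable on the outer message. Assumptions: gpg is on PATH with the subscribers' public keys already imported and identified by fingerprint; gpg is reached only through an injectable `runner`, and `fake_gpg` plus SAMPLE_POST are constructed stand-ins so the MIME handling can be checked without a keyring.

```python
"""Added example, not from the thread and not Mailman's or GnuPG's code:
an outgoing filter between Mailman and the MTA that re-encrypts a
cleartext list post to one subscriber as PGP/MIME (RFC 3156) by calling
gpg. gpg is reached only through an injectable `runner`, so the MIME
handling can be exercised offline with the fake at the bottom."""
import copy
import subprocess
from email import message_from_bytes, policy
from email.message import EmailMessage
from types import SimpleNamespace

GPG = 'gpg'   # assumption: GnuPG on PATH, subscriber public keys already imported


def gpg_encrypt_command(fingerprints, gpg=GPG):
    """gpg invocation that ASCII-armors stdin to the given key fingerprints.
    Fingerprints rather than user IDs avoid picking the wrong key for a name;
    --trust-model always means the list operator, who collected the keys at
    subscription time, vouches for them instead of the web of trust."""
    cmd = [gpg, '--batch', '--yes', '--armor', '--trust-model', 'always', '--encrypt']
    for fpr in fingerprints:
        cmd += ['--recipient', fpr]
    return cmd


def body_entity(msg):
    """The MIME entity that gets encrypted: content headers plus body only.
    Everything else (From, To, Subject, Date, List-*) stays on the outside,
    which is the metadata that remains readable on the wire."""
    inner = copy.deepcopy(msg)
    for key in list(inner.keys()):
        if not key.lower().startswith('content-'):
            del inner[key]
    if 'Content-Type' not in inner:
        inner['Content-Type'] = 'text/plain'
    return inner


def encrypt_post(raw, fingerprints, runner=subprocess.run):
    """Return the PGP/MIME form of the raw post (bytes) encrypted to fingerprints."""
    original = message_from_bytes(raw, policy=policy.default)
    plaintext = body_entity(original).as_bytes()
    result = runner(gpg_encrypt_command(fingerprints), input=plaintext,
                    capture_output=True, check=True)
    outer = EmailMessage()
    for key, value in original.items():          # envelope headers, in cleartext
        k = key.lower()
        if not (k.startswith('content-') or k == 'mime-version'):
            outer[key] = value
    outer['MIME-Version'] = '1.0'
    outer['Content-Type'] = 'multipart/encrypted; protocol="application/pgp-encrypted"'
    control = EmailMessage()                      # RFC 3156 control part
    control.set_content(b'Version: 1\n', maintype='application',
                        subtype='pgp-encrypted', cte='7bit')
    cipher = EmailMessage()                       # the armored ciphertext
    cipher.set_content(result.stdout, maintype='application',
                       subtype='octet-stream', cte='7bit',
                       disposition='inline', filename='encrypted.asc')
    outer.attach(control)
    outer.attach(cipher)
    return outer


# Offline stand-in for subprocess.run: records what gpg would have been given
# and returns a constructed (not real) armored blob.
FAKE_CALLS = []


def fake_gpg(cmd, input=b'', **kwargs):
    FAKE_CALLS.append((cmd, input))
    return SimpleNamespace(returncode=0, stdout=(
        b'-----BEGIN PGP MESSAGE-----\n\nhQEMA0NPTlNUUlVDVEVE\n=abcd\n'
        b'-----END PGP MESSAGE-----\n'))


# Constructed sample post; not a real message.
SAMPLE_POST = b"""\
From: alice@example.org
To: talk@lists.example
Date: Sun, 14 Feb 2021 10:00:00 +0000
Subject: Key rotation schedule
List-Id: <talk.lists.example>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"

Rotation happens Friday.
"""

if __name__ == '__main__':
    msg = encrypt_post(SAMPLE_POST, ['0123456789ABCDEF0123456789ABCDEF01234567'],
                       runner=fake_gpg)
    print(msg.as_bytes().decode())
```

The incoming direction is the mirror image: a filter in front of Mailman would run `gpg --batch --decrypt` with the list's own key on the second part of a multipart/encrypted post and hand the recovered MIME entity, under the original envelope headers, to Mailman's posting address. Per-subscriber encryption means one gpg run and one outgoing copy per member rather than one message for the whole list, which is the cost of keeping Mailman itself stock.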


[Mailman-Users] Re: Subject field not included in wrapper of DMARC emails

2021-02-14 Thread Sam Kuper
On Sun, Feb 14, 2021 at 10:34:08AM -0800, Mark Sapiro wrote:
> Thank you for reporting this. It is a bug. It turns out that the logic
> for determining the headers in the wrapper does not include Subject:
> in the case where the list has no subject_prefix.
> 
> This is now reported at
> https://bugs.launchpad.net/mailman/+bug/1915655

Thanks for investigating and filing a report for the bug!

Sending much Free Software love to Gnu, this V-day.  Thank you for
maintaining Mailman :)


> Perhaps you can convince the admins of the Mailman site to apply the
> patch or add a subject_prefix to the list, either of which will avoid
> the issue.

I will alert the admins to this thread.


On Sun, Feb 14, 2021 at 12:37:54PM -0800, Mark Sapiro wrote:
> Just for the record, that patch had issues. Here's the patch that will
> be committed [...]

Thank you for double-checking the patch!

Sam

-- 
A: When it messes up the order in which people normally read text.
Q: When is top-posting a bad thing?

()  ASCII ribbon campaign. Please avoid HTML emails & proprietary
/\  file formats. (Why? See e.g. https://v.gd/jrmGbS ). Thank you.