| -rw-r--r-- | docs/config.rst | 120 | ||||
| -rw-r--r-- | docs/index.rst | 1 | ||||
| -rw-r--r-- | docs/security.rst | 19 |
3 files changed, 24 insertions, 116 deletions
diff --git a/docs/config.rst b/docs/config.rst
index b56641e..5d60c05 100644
--- a/docs/config.rst
+++ b/docs/config.rst
@@ -8,126 +8,14 @@ package and class to find mailman-pgp and mailman-pgp needs to be configured to
 Mailman
 =======
-Example additions to mailman.cfg to enable mailman-pgp::
+Example additions to mailman.cfg to enable mailman-pgp:
- # Setup the mailman-pgp plugin under the `pgp` name. To use the django-pgpmailman
- # web UI. The `MAILMAN_PGP_PLUGIN_NAME` in its project settings.py must be set
- # to the name of the plugin, as thats where Mailman roots the plugins REST api
- # endpoint.
- [plugin.pgp]
- class: mailman_pgp.plugin.PGPMailman
- path: mailman_pgp
- enable: yes
- configuration: python:mailman_pgp.config.mailman_pgp
-
- # Use the custom PGP enabled deliver callable, performs the signing and encryption
- # on PGP enabled lists which are configured to do so.
- [mta]
- outgoing: mailman_pgp.mta.deliver.deliver
-
- # Use the custom PGP enabled runner on the default `in` queue.
- [runner.in]
- class: mailman_pgp.runners.incoming.PGPIncomingRunner
-
- # This runners name needs to be the same as the `[queues].in` config option in
- # the mailman-pgp config file. It runs the default IncomingRunner on a queue
- # of a different name, so that messages come into the mailman-pgp incoming runner
- # and can be then passed to the default incoming runner, defined here.
- [runner.in_default]
- class: mailman.runners.incoming.IncomingRunner
+.. literalinclude:: ../src/mailman_pgp/config/mailman.cfg
 Plugin
 ======
-Default PGP config::
-
- [db]
- # db path the PGP plugin will use to store list/user configuration (not keys!).
- url: sqlite:////$DATA_DIR/pgp.db
-
-
- [archiving]
- # The directory where the local mbox archiver will save messages.
- mailbox_dir: $ARCHIVE_DIR/pgp/mbox
-
- # The directory where the local maildir archiver will save messages.
- maildir_dir: $ARCHIVE_DIR/pgp/maildir
-
-
- [keydirs]
- # Key directory used to store user public keys.
- user_keydir: $DATA_DIR/pgp/user_keydir/
-
- # Key directory used to store list keypairs.
- list_keydir: $DATA_DIR/pgp/list_keydir/
-
- # Key directory used to store archive public keys.
- archive_keydir: $DATA_DIR/pgp/archive_keydir/
-
-
- [keypairs]
- # Whether to autogenerate the list key on list creation.
- autogenerate: yes
-
- # Type of primary list key and its size.
- # Format: type:size
- # type is one of:
- # RSA, DSA, ECDSA.
- # size is the key size or curve name for ECDSA, which can be one of:
- # nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1,
- # brainpoolP512r1, secp256k1
- primary_key: RSA:4096
-
- # Type of list encryption subkey and its size.
- # Format: type:size
- # type is one of:
- # RSA, ECDH
- # size is the key size or curve name for ECDH, which can be one of:
- # nistp256, nistp384, nistp521, brainpoolP256r1, brainpoolP384r1,
- # brainpoolP512r1, secp256k1
- sub_key: RSA:4096
-
- # Shred keypair on list deletion? Shredding tries to securely erase the file
- # by overwriting it with random data many times. Will be only performed if
- # the `delete` option is also set to yes.
- shred: yes
-
- # A command, that is run when shredding the list key (if shred is set).
- # It is passed the list key path as an argument.
- # If empty, mailman-pgp will try to shred the listkey itself.
- # Some Linux distributions provide the `shred` command from GNU coreutils, or
- # similar.
- shred_command:
-
- # Delete list keypair on list deletion.
- delete: yes
-
- [queues]
- # The queue to which processed incoming messages are passed. Must be a name of
- # a queue which is managed by the Mailman IncomingRunner.
- in: in_default
-
-
- [misc]
- # The lifetime for `key change` request confirmation.
- change_request_lifetime: 1d
-
- # Collect all signature hashes of successful postings to a PGP enabled mailing
- # list for signature replay checking.
- collect_sig_hashes: yes
-
-
- [rest]
- # Allow the accessing of a list private key through the REST API.
- # This is necessary for the django-pgpmailman web ui to allow a list owner
- # to export the list private key.
- allow_read_private_key: yes
-
- # Allow the modification of a list private key through the REST API.
- # This is necessary for the django-pgpmailman web ui to allow a list owner
- # to change the list private key.
- allow_write_private_key: yes
+Default PGP config:
- # Allow the accessing of this plugin configuration through the REST API.
- allow_read_config: yes
+.. literalinclude:: ../src/mailman_pgp/config/mailman_pgp.cfg
diff --git a/docs/index.rst b/docs/index.rst
index d82a78e..ec01f8f 100644
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -10,6 +10,7 @@ Welcome to mailman-pgp's documentation!
 keys
 signatures
 encryption
+ security
diff --git a/docs/security.rst b/docs/security.rst
new file mode 100644
index 0000000..940136a
--- /dev/null
+++ b/docs/security.rst
@@ -0,0 +1,19 @@
+=======================
+Security considerations
+=======================
+
+Mailman-pgp needs to process the messages when they arrive to the mailing list,
+to do so it has to decrypt them. Then they pass through Mailman chains and
+pipelines to be (optionally) encrypted again and sent out.
+
+Keys are currently stored not encrypted.
+
+Mailman-pgp only provides some confirmation that the subscriber has access to
+the signing capability of the key provided on subscription, by requesting the
+user to sign a statement saying so. It is up to the list moderator/admin to
+verify and confirm the subscribers identity.
+
+Any successful subscriber that has his key set, will receive messages encrypted
+to his key(if the mailing list is set to encrypt) and thus even one compromised
+or malicious subscriber will compromise all messages of a mailing list.
+
|
