schleuder issueshttps://0xacab.org/schleuder/schleuder/-/issues2024-01-12T11:13:36Zhttps://0xacab.org/schleuder/schleuder/-/issues/439Automatically fetch keys from validating sources2024-01-12T11:13:36ZpazAutomatically fetch keys from validating sourcesLet's make Schleuder:
1. automatically fetch keys for each recipient without key (regardless of subscription or third-party), but only from validating sources (WKD and validating keyservers).
2. update keys also only from validating sou...Let's make Schleuder:
1. automatically fetch keys for each recipient without key (regardless of subscription or third-party), but only from validating sources (WKD and validating keyservers).
2. update keys also only from validating sources,
3. drop `x-fetch-key`.
For most users this would make sending encrypted emails easier. And we would push the use of better key sources, driving people away from still using SKS keyservers, or sending plain text email.
Those users that require more manual control still can use `x-add-key` to get a manually downloaded key from a different source into the list's keyring.
The only downside I see is that Schleuder would repeatedly make network requests for email addresses that don't have a key published in any of the sources. I'd accept that as a small price.
Related to #435Futurepazpazhttps://0xacab.org/schleuder/schleuder/-/issues/421schleuder fails to warn about expiring member subkeys2020-06-26T13:41:58Zo-schleuder fails to warn about expiring member subkeysThe periodic key expiry reminders from schleuder do not consider expiring subkeys.
What I would expect is that schleuder
* if the master key has no `[E]` capability, warns if all encryption subkeys expire (because then it can't send mai...The periodic key expiry reminders from schleuder do not consider expiring subkeys.
What I would expect is that schleuder
* if the master key has no `[E]` capability, warns if all encryption subkeys expire (because then it can't send mails to me anymore)
* if the master key has no `[S]` capability, warn if all sign subkey expire (because then I can't send authenticated mails to schleuder anymore).
What actually happens is, without warning the key becomes non-functional and cannot be updated by the user anymore.
As an example consider 0x8F4E6C91F62F3B4E (on sks keyservers). On this key the master key never expires, but the sign and encryption subkeys do.
```
pub rsa4096/0x8F4E6C91F62F3B4E 2016-09-02 [C]
...
sub rsa4096/0xBFDB552FFC4A9191 2019-02-23 [S] [expires: 2020-02-23]
sub rsa4096/0x2E851CD5B07AF0D4 2019-02-23 [E] [expires: 2020-02-23]
```
To create such a key for testing:
1. create a key without expiry and edit:
2. remove subkey with `key 1\n delkey`
3. remove S capability with `change-usage`
4. add expiring E subkey with `addkey` (6)
5. add expiring S subkey with `addkey` (4)Futurehttps://0xacab.org/schleuder/schleuder/-/issues/412Implement 2 factor authentication2020-01-04T12:25:52ZgagzImplement 2 factor authenticationAfter some discussion on how to strength login security of schleuder-web, here is a ticket!
Ideas:
- 2FA standard implementation
- Kinda 2FA where a token would be send (encrypted) to the email corresponding to the account after success...After some discussion on how to strength login security of schleuder-web, here is a ticket!
Ideas:
- 2FA standard implementation
- Kinda 2FA where a token would be send (encrypted) to the email corresponding to the account after successful login, and the user would have to enter this token to login
thanks!Futurehttps://0xacab.org/schleuder/schleuder/-/issues/376Harmonize output of keywords that deal with keys2020-01-04T12:51:37ZgeorgHarmonize output of keywords that deal with keysI've used `x-fetch-key` with a capitalized fingerprint argument, and got, in return a message containing the lowercased fingerprint. We should probably harmonize this, so the output matches the input.
Not sure, but maybe this applies to...I've used `x-fetch-key` with a capitalized fingerprint argument, and got, in return a message containing the lowercased fingerprint. We should probably harmonize this, so the output matches the input.
Not sure, but maybe this applies to spaces, too.
Any opinions?Futurehttps://0xacab.org/schleuder/schleuder/-/issues/375Handle space-separated fingerprints for all relevant keywords2020-01-04T12:51:15ZgeorgHandle space-separated fingerprints for all relevant keywordsIn version `3.2.0`, we introduced spaces-separated fingerprint support for `x-subscribe`.
We should probably revisit this for the other relevant keywords, too. I just did `x-fetch-key` with such a fingerprint, and got, in return, ten ti...In version `3.2.0`, we introduced spaces-separated fingerprint support for `x-subscribe`.
We should probably revisit this for the other relevant keywords, too. I just did `x-fetch-key` with such a fingerprint, and got, in return, ten times the message: `Invalid input. Allowed are: URLs, OpenPGP-fingerprints, or email-addresses.`. I'm not sure, and didn't checked, if this is an issue for other keywords too, but I guess so.
OTOH, as we spoke about "being implicit", I wonder if parsing fingerprints with spaces is maybe error prone?
Still, if we do, we should be consistent. Tagging this for `4.0` for now, and labeling as `bug`.
Any opinions?Futurehttps://0xacab.org/schleuder/schleuder/-/issues/353Send whole Keyring at once (worked in schleuder2)2020-11-12T16:28:16Zinit voidSend whole Keyring at once (worked in schleuder2)Feedback from one of our users:
> in der vorherigen Schleuder-Version war es möglich, sich mittels des Befehls `X-GET-KEY: . ` den gesamten Keyring (Schlüsselbund) einer verschlüsselten E-Mail-Verteilerliste zusenden zu lassen.
> So is...Feedback from one of our users:
> in der vorherigen Schleuder-Version war es möglich, sich mittels des Befehls `X-GET-KEY: . ` den gesamten Keyring (Schlüsselbund) einer verschlüsselten E-Mail-Verteilerliste zusenden zu lassen.
> So ist funktioniert das nun leider nicht mehr. Gibt es einen neuen Befehl hierfür?
The described behavior sounds more like a "hack" that like an intended Feature to me. Yet it might be a useful option to export all keys in one go.
Just leaving this here so the users input is not lost.Futurepazpazhttps://0xacab.org/schleuder/schleuder/-/issues/294provide easy+secure backup/restore mechanism2018-10-28T11:48:23Zdkgprovide easy+secure backup/restore mechanismWhat sorts of things does a schleuder installation need to back up to protect against bad things happening?
how can it avoid having the backups be a source of weakness to the encrypted mailing list itself?
how can we make it easy to re...What sorts of things does a schleuder installation need to back up to protect against bad things happening?
how can it avoid having the backups be a source of weakness to the encrypted mailing list itself?
how can we make it easy to restore a schleuder instance from such a backup?
-----
It's tempting to just say "copy everytihng in `/etc/schleuder` and `/var/lib/schleuder`", but that would mean copying secret key information, API keys, etc, which would make the backup itself a really tempting target for the purposes of decrypting messages sent to a schleuder list, or for compromising access to the REST api.
In the event of a catastrophic failure, it might make the most sense to
* generate a new key for each list
* to revoke the old keys
* to re-generate all API keys
If we want to streamline this process, then the backup might need to contain revocation certificates for the keys in question (not the secret keys themselves) and avoid shipping API keys entirely. The backup might also not need to contain all the keyrings, or maybe just pointers to them?
I'm imagining this as something that might even be doable from the `schleuder-cli`, so that the client connecting to the REST API could make a backup of configuration of a schleuder installation, and that backup could then be replayed upon reinstallation by the new schleuder user to get back to the same state (albeit with different keys).Futurehttps://0xacab.org/schleuder/schleuder/-/issues/247Make LoggerNotification#notify_admin respect send_encrypted_only2020-01-04T19:41:22ZpazMake LoggerNotification#notify_admin respect send_encrypted_onlyCurrently it sends out messages in the clear if no usable key is found for the respective admin, regardless of the list's setting of `send_encrypted_only`.Currently it sends out messages in the clear if no usable key is found for the respective admin, regardless of the list's setting of `send_encrypted_only`.Futurehttps://0xacab.org/schleuder/schleuder/-/issues/243Add a global footer for administrative mails2020-01-04T12:31:04ZMuri NicanorAdd a global footer for administrative mailsquoting @n_g from #240
> I see how it can be helpful and I'm thinking whether it could make sense to offer a global configuration option to add a
> footer for administrative emails, where one could add your text example pointing the we...quoting @n_g from #240
> I see how it can be helpful and I'm thinking whether it could make sense to offer a global configuration option to add a
> footer for administrative emails, where one could add your text example pointing the webschleuder installation or e.g.
> further documentation. Or just make a global configuration option with a webschleuder address and if that one is set, the
> footer gets added. I think adding also a link to the online documentation would be helpful.
one could also add a contact email of the schleuder providerFuturehttps://0xacab.org/schleuder/schleuder/-/issues/242Improve the text of the administrative emails2020-01-04T12:31:00ZMuri NicanorImprove the text of the administrative emailsThe administrative emails are a bit scarce in their explanation what they are about. Especially for admins that don't know much about gnupg keyrings or mailinglists. It would be great to extend their content, i.e.:
> Hello
>
> This is ...The administrative emails are a bit scarce in their explanation what they are about. Especially for admins that don't know much about gnupg keyrings or mailinglists. It would be great to extend their content, i.e.:
> Hello
>
> This is an automated mail from the listname@domain.tld mailinglist, which you're are an administrator of.
>
> While doing a regular check of all subscriptions of list listname@server.tld we were pinning a matching key
> for the following subscriptions
>
> ...
>
> This means ...
see also the initial ticket schleuder/schleuder#240Futurehttps://0xacab.org/schleuder/schleuder/-/issues/236allow memory hole headers as anti-replay mechanism if user omits x-listname2024-03-11T18:25:43Zdkgallow memory hole headers as anti-replay mechanism if user omits x-listnamememory hole provides signatures over relevant headers. if a cryptographically-signed To: header includes foo-request@example.org, then there is no need to require the message to contain x-listname to defend against replay attack (as not...memory hole provides signatures over relevant headers. if a cryptographically-signed To: header includes foo-request@example.org, then there is no need to require the message to contain x-listname to defend against replay attack (as noted in #158). memory hole is more convenient (for MUAs that already implement it), so it would be a usability improvement to accept it as a legit anti-replay mechanism.Future2020-12-01https://0xacab.org/schleuder/schleuder/-/issues/228Distinguish between a Subscription's key and a random keyring entry in check_...2020-01-04T12:29:22ZngDistinguish between a Subscription's key and a random keyring entry in check_keys notificationAt the moment keys check notifies about all keys in your keyring.
The output should be split in 2 sections: Keys of subscriptions and all other keys in the keyring. This way an admin can easily identify if something urgen needs to happe...At the moment keys check notifies about all keys in your keyring.
The output should be split in 2 sections: Keys of subscriptions and all other keys in the keyring. This way an admin can easily identify if something urgen needs to happen.
For a list that e.g. is an address of a project, that is especially used to communicate with addresses outside of the list, the majority of the keyring might be random keys that were used once in a while, but are not relevant for the list to function.
While `refresh_keys` should still refresh all these keys, I don't think keys check should report anything about them, as otherwise lists as decribed before will always get a huge list of expired/revoked keys.
As noted in #227 the output must also be more descriptive and e.g. divided by keys for subscriptions and keys not related to a subscription. And then we could only send out the check email if any of the subscriptions is affected.Futurehttps://0xacab.org/schleuder/schleuder/-/issues/220Notify admins on missing keys for subscriptions2020-01-04T12:27:49ZngNotify admins on missing keys for subscriptionsIf a list is configured to send out only encrypted emails, but a subscription doesn't have a key selected, schleuder will notify the subscription about that problem. However, admins - who are usually aware of what to do - are not notifie...If a list is configured to send out only encrypted emails, but a subscription doesn't have a key selected, schleuder will notify the subscription about that problem. However, admins - who are usually aware of what to do - are not notified.
=> Admins should be notified as well about missing keys.Futurehttps://0xacab.org/schleuder/schleuder/-/issues/196Show warning if weak key is used / extend trust_issues2020-01-04T12:23:01ZgeorgShow warning if weak key is used / extend trust_issuesFuturehttps://0xacab.org/schleuder/schleuder/-/issues/151Implement subkey rollover2020-01-04T12:24:22ZgeorgImplement subkey rolloverTo not loose track of this, because I really like the idea, see [this](https://0xacab.org/schleuder/schleuder/issues/96#note_34766) comment by @dkg:
> I'd put aside the question of expiration dates for primary keys, and instead foc...To not loose track of this, because I really like the idea, see [this](https://0xacab.org/schleuder/schleuder/issues/96#note_34766) comment by @dkg:
> I'd put aside the question of expiration dates for primary keys, and instead focus on expiration dates for the encryption-capable subkeys.
schleuder can do automated subkey rollover, and can destroy the expired subkeys, which makes it so that a compromise of the schleuder instance at time T is only capable of decrypting copies of mails sent since the last rollover.
If schleuder always included its latest key in every e-mail, and had an automated/scheduled rollover practice, then things could work pretty much automatically, and you'd get this nice "forward-secrecy"ish property.Futurehttps://0xacab.org/schleuder/schleuder/-/issues/97Enable replacing list-key2020-01-04T11:47:21ZpazEnable replacing list-keySchleuder should provide the possibility to replace the list-key, either by a newly generated one, or by a provided one.
The new key should optionally (true by default) be signed by the old key to make the transition easier for users....Schleuder should provide the possibility to replace the list-key, either by a newly generated one, or by a provided one.
The new key should optionally (true by default) be signed by the old key to make the transition easier for users.
The option should be provided by the API and be used by Webschleuder and SchleuderConf.
(This feature would also serve the feature request to be able to nuke list-keys in case of compromisation (which was never filed, only told).)Futurehttps://0xacab.org/schleuder/schleuder/-/issues/96Set expiration date for list keys2020-01-04T12:23:21ZpazSet expiration date for list keysI personally always set an expiration date for PGP-Keys to make sure that in case one looses access to modify the key, the problem will not stay for ever..
Schleuder3 currently creates list keys with no expiration date set.
How do ...I personally always set an expiration date for PGP-Keys to make sure that in case one looses access to modify the key, the problem will not stay for ever..
Schleuder3 currently creates list keys with no expiration date set.
How do you think about setting an expire date per default e.g. in 2 years after creation?
Futurehttps://0xacab.org/schleuder/schleuder/-/issues/89add a 'description' to list options2020-01-04T12:31:11Zpazadd a 'description' to list optionssometimes (i.e. in the overview in webschleuder) it would be useful to have a 'description' for lists to help identifying them (like mailman has in the list overview).sometimes (i.e. in the overview in webschleuder) it would be useful to have a 'description' for lists to help identifying them (like mailman has in the list overview).Futurehttps://0xacab.org/schleuder/schleuder/-/issues/56Option to fetch key for admin from keyserver when creating list2023-12-29T16:40:18ZpazOption to fetch key for admin from keyserver when creating listAlternatively to a file-path it should be possible to specify a fingerprint which is used to fetch the key from a keyserver.Alternatively to a file-path it should be possible to specify a fingerprint which is used to fetch the key from a keyserver.Futurehttps://0xacab.org/schleuder/schleuder/-/issues/48If resending fails don't send message over list.2020-05-14T12:54:28ZpazIf resending fails don't send message over list.In case the resending failed (e.g. encrypted_only and no key), don't send the message to subscribers but reply to the sender to spare everyone a useless message.
If there are multiple resend-requests we should only abort if the first ...In case the resending failed (e.g. encrypted_only and no key), don't send the message to subscribers but reply to the sender to spare everyone a useless message.
If there are multiple resend-requests we should only abort if the first one fails. After sending out the message to the first resend-recipient it is "out there" and we should send the message also over the list.Future