[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

List software with PGP authentication/administration



	I have recently written some mailing list software which
authenticates PGP signatures (it is *way* too centralized for my
tastes, but most of my "market"-- the people who are using the list
that the software is running on-- have rather lame computers or lack
the time/skill to install PGP for signature verification locally.).

	The most important part of the software, however, is that it
uses PGP-signatures for remote administration. It requires that a
remote administration request be PGP-signed before it accepts the
administration commands.

	It is running a *rudimentary* keyserver service.. It accepts
new keys, but it doesn't release keys on demand. (I'm going to have it
release keys to subscribers only, soon.)

	Here's the documentation. If anyone would like to take a look
at it, and play with it, etc., please mail me. It's not very clean
code. (It's a combination of some perl and sh scripts. I'm pretty
clueless about perl, so there are many inefficiencies. I plan on
fixing them once I learn perl better.)


-- PGP Signature Authentication

	The list software does automatic verification of PGP
signatures, and prepends a few lines to every message that goes out--
whether or not the signature is good, bad, or nonexistant.

-- Administration

	If you are the administrator of the list, you can issue
list-administration commands within a PGP-signed message. To do so,
begin your message with the line:

::administrate <password>

	Following lines are commands to the list software. Supported
commands currently are:

	"subscribe address" -- subscribe address to the list
	"unsubscribe address" -- unsubscribe address from the list
	"sendlist address" -- send the list of subscribers to the address

-- User Commands

	There are a few commands which any user can use, whether or not
the message has been PGP-signed.

	To send out a subscriber list to someone who is subscribed to
the list, anyone can send a message to the list saying:

::sendlist

	following by the addresses to which he or she wants the
subscriber list to reach. Only people who are subscribed to the list,
however, can get the subscriber list through this command. (Anyone can
issue this command, however.)

	To add a key to the PGP-database so that messages signed with this key are recognized, anyone can send a message to the list saying:

::addkey

	following by an ASCII-armored PGP public key block.

	Anyone can post anonymously to the list as well. In order to
do that, the message should be sent to the list (signed or unsigned--
if the message is signed, however, the signature information still
reaches the list) with the line:

::administrate anonymous

	As the first line.