[Gpg4win-devel] Replacement for Adele

Bernhard Reiter bernhard at intevation.de
Tue Sep 8 17:43:02 CEST 2009 

We still use the friendly email robot "adele" in our documentation
however this is unfree software that we have not control over.

See http://lists.gnupg.org/pipermail/gnupg-de/2007-March/000149.html
where someone asks about utf-8 support and Werner answered.

I've also got contacted by someone who has problems to get some emails 
accepted by the service. Thus I believe we really should look into writing a 
new friendly email robot application as Free Software which can replace 
adele. 

Thus anybody could set this up if they are do teach OpenPGP for themselfs or 
internal for their organisation. Of course it would be nice if a few people 
would offer to run a few public instances for this as well.

My next step will be to think about the wanted features of an email robot .

1) Should be able to accept a send public certificate
    1.1)  as attachment
    1.2) as plain text

2) Should send an encrypted response
     2.1 as PGP/MIME via 
     2.2 ? as deprecated inline?
     2.3 ? both as S/MIME?
    2.4 ? sign?

3) configurable
     3.1 default text in English
     3.2 Text in German

4) should sent its own public certificate
   4.1 as attachment
   4.2? as plain text

Hi X,Y,
this is an encrypted answer to your email.
I have received your public certificate with IDS .... 
Attached my public certifiate,
and Z (my email address).

My Admin to ask for question is:

5) Deall with common email encodings?
At least with utf-8 and latin1.

6) Decrypt and answer to encrypted emails.

So a question is: Should our robot temporarily save public keys?
If, how long? If requirement 6) is done in a way that an unencrypted
response is needed, no cache for the public keys is necessary.
A cache would be problematic as it needs to limit its own discspace.

In how far should the new robot be able to replace adele?
This is a question of compatibility.
Some people still seem to use non-MIME deprecated in-line PGP
in emails.

Should the robot's answer include text of the original message?
If it would it would make it a potential relay service for spam.
Just upload a public key from someone else and fake its email sender address
and the robot would send your "spam" to this person, even encrypted!

How should be implement the new robot?
It is designated to run as a daemon and potentially as a public service, so it 
needs to be secure and hard enough to not be attacked.
My first attempt would be to use python with one of the known gpgme wrappers.
We should need to be careful with the "email" packages as it is not designed
to deal with signed message in the processing.
However it is probably better than to reuse code from mutt or KMail.

Feedback appreciated,
Bernhard

-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 1603 bytes
Desc: not available
Url : http://lists.wald.intevation.org/pipermail/gpg4win-devel/attachments/20090908/c67705ba/smime.bin

More information about the Gpg4win-devel mailing list