

7. Sympa with S/MIME and HTTPS

S/MIME is a cryptographic method for MIME messages based on X509 certificates. Before installing the Sympa S/MIME features, named S/Sympa, you should be convinced that ``S/MIME'' means ``Secure MIME'' and has nothing to do with ``Simple''.

This chapter only describes the security level Sympa provides when handling S/MIME messages and how to configure Sympa for it. It is not intended to teach anyone what S/MIME is or why it is so complex! RFCs 2311, 2312, 2632, 2633 and 2634, along with a lot of literature about S/MIME, PKCS#7 and PKI, are available on the Internet. Sympa 2.7 is the first version of Sympa to include S/MIME features; these features are in beta testing.

7.1 Signed messages distribution

Nothing to do. You probably imagine that any mailing list manager (or any mail forwarder) is compatible with S/MIME signatures as long as it respects the MIME structure of incoming messages. You are right. Even Majordomo can distribute a signed message! As Sympa provides good MIME compatibility, you don't need to do anything to allow subscribers to verify signed messages distributed through a list. This is no achievement at all: any process that distributes messages is compatible with the end user's signing process. Sympa just skips message footer attachment (see 9.10) to prevent any body corruption, which would break the signature.

7.2 Use of S/MIME signature by Sympa itself

Sympa is able to verify S/MIME signatures in order to apply the S/MIME authentication method to message handling. Currently, this feature is limited to the distribution process and to commands that Sympa finds in the message body. The reason for this limitation is related to current S/MIME usage. The S/MIME signature structure is based on an encryption of a digest of the message. Most S/MIME agents do not include any part of the message headers in the message digest, so anyone can modify the message headers without corrupting the signature! This is easy to do: for example, anyone can edit a signed message with their preferred message agent, modify whatever header they want (for example the Subject:, the Date: and the To:) and redistribute the message to a list or to the robot without breaking the signature.

So we cannot apply the S/MIME authentication method to commands parsed from the Subject: field of a message or sent via the -subscribe or -unsubscribe email addresses.
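
The limitation described above, as an added example that is not part of Sympa: the digest a verifier checks covers only the first part of the multipart/signed body, so header fields must not be treated as authenticated. The message, boundary and signature placeholder are constructed, the function names are hypothetical, and SHA-256 stands in for whatever digest the signing agent uses.

```python
import hashlib

BOUNDARY = b"sig-boundary"  # constructed boundary string

# Constructed multipart/signed message; the signature part is a placeholder.
SIGNED_MESSAGE = b"\r\n".join([
    b"From: alice@example.org",
    b"To: mylist@example.org",
    b"Subject: weekly report",
    b'Content-Type: multipart/signed; boundary="sig-boundary"',
    b"",
    b"--sig-boundary",
    b"Content-Type: text/plain",
    b"",
    b"Please find the report below.",
    b"",
    b"--sig-boundary",
    b"Content-Type: application/x-pkcs7-signature",
    b"",
    b"PLACEHOLDER-SIGNATURE",
    b"--sig-boundary--",
    b"",
])

def signed_part(raw, boundary):
    """Return the bytes the signature covers: the first body part only."""
    _headers, body = raw.split(b"\r\n\r\n", 1)
    first = body.split(b"--" + boundary + b"\r\n", 2)[1]
    return first[:-2]  # the CRLF before the next delimiter belongs to it

def signed_digest(raw, boundary):
    return hashlib.sha256(signed_part(raw, boundary)).hexdigest()

def rewrite_header(raw, name, value):
    """Replace one top-level header field, leaving the body untouched."""
    head, body = raw.split(b"\r\n\r\n", 1)
    lines = [name + b": " + value
             if line.lower().startswith(name.lower() + b":") else line
             for line in head.split(b"\r\n")]
    return b"\r\n".join(lines) + b"\r\n\r\n" + body

def compare():
    """(digest survives a header edit, digest survives a body edit)"""
    reference = signed_digest(SIGNED_MESSAGE, BOUNDARY)
    header_edit = rewrite_header(SIGNED_MESSAGE, b"Subject", b"changed subject")
    body_edit = SIGNED_MESSAGE.replace(b"report below", b"report above")
    return (signed_digest(header_edit, BOUNDARY) == reference,
            signed_digest(body_edit, BOUNDARY) == reference)
```

compare() returns (True, False): only a change to the signed body part is detectable, which is why S/MIME authentication applies only to commands found in the message body.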

7.3 Use of S/MIME encryption

S/Sympa is not an implementation of the ``S/MIME Symmetric Key Distribution'' Internet draft. This sophisticated scheme is required for large lists with encryption. So there is still some work left for later development :)

We assume that S/Sympa distributes messages as received, i.e. unencrypted if the list received an unencrypted message, encrypted otherwise.

In order to send an encrypted message to a list, the sender needs to use the X509 certificate of the list. Sympa will send an encrypted message to each subscriber using that subscriber's certificate. To provide this feature, Sympa needs to manage one certificate for each list and one for each subscriber. This is available in Sympa version 2.8 and above.

7.4 S/Sympa configuration


7.4.1 Installation

All you need to do is install OpenSSL (http://www.openssl.org); the minimum requirement is OpenSSL 0.9.5a. OpenSSL is used by Sympa as an external plugin (like sendmail or postfix), so it must be installed with the appropriate access (x for sympa.sympa).


7.4.2 configuration in sympa.conf

S/Sympa configuration is very simple. If you are used to Apache SSL, you will not be disoriented. If you are an OpenSSL guru, you will feel at home, and perhaps you will suggest some changes to us.

The minimum is to tell Sympa where the openssl binary is and where the certificates of the trusted certificate authorities are. This is done using the optional parameters openssl and trusted_ca_options.


7.4.3 configuration to recognize S/MIME signature

Once openssl is installed and sympa.conf is configured, S/Sympa is ready to use S/MIME signatures to authenticate any operation. You just need to use the appropriate scenario for the operation you want to secure (see 8.6).

When receiving a message, Sympa applies the scenario with the appropriate authentication method parameter. In most cases, the authentication method is ``smtp''; if the message is signed and the signature has been checked and matches the sender email, Sympa applies the ``smime'' authentication method.

Take care: if the scenario ignores this authentication method, the requested operation will be rejected. Consequently, scenarios from versions prior to 2.7 are not compatible with the OpenSSL configuration of Sympa. All standard scenarios (those distributed with Sympa) now include the smime method. The following example, named send.private_smime, limits sending to subscribers using an S/MIME signature:

title.us restricted to subscribers check smime signature
title.fr limité aux abonnés, vérif de la signature smime

is_subscriber([listname],[sender])             smime  -> do_it
is_editor([listname],[sender])                 smime  -> do_it
is_owner([listname],[sender])                  smime  -> do_it

It is also possible to mix various authentication methods in a single scenario; this one, send.private_key, requires either an md5 return key or an S/MIME signature:

title.us restricted to subscribers with previous md5 authentication
title.fr réservé aux abonnés avec authentification MD5 préalable

is_subscriber([listname],[sender]) smtp          -> request_auth
true()                             md5,smime     -> do_it
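
How the authentication method selects a rule in the two scenarios above, as an added example that is not Sympa's own code. It is a simplified model that assumes rules are tried in order, the first rule whose condition and method both match decides, and no match means rejection; the roles set and the function names are hypothetical.

```python
import re

# Rule line: condition(args)  method[,method...]  -> action
RULE = re.compile(r"^(\w+)\(([^)]*)\)\s+([\w,]+)\s*->\s*(\w+)$")

SEND_PRIVATE_SMIME = """\
title.us restricted to subscribers check smime signature

is_subscriber([listname],[sender])             smime  -> do_it
is_editor([listname],[sender])                 smime  -> do_it
is_owner([listname],[sender])                  smime  -> do_it
"""

SEND_PRIVATE_KEY = """\
title.us restricted to subscribers with previous md5 authentication

is_subscriber([listname],[sender]) smtp          -> request_auth
true()                             md5,smime     -> do_it
"""

def parse(text):
    """Return (condition, allowed methods, action) for each rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE.match(line.strip())
        if m:  # title.* lines and blank lines are not rules
            cond, _args, methods, action = m.groups()
            rules.append((cond, set(methods.split(",")), action))
    return rules

def evaluate(text, roles, auth_method):
    """roles: roles the sender holds on the list, e.g. {"subscriber"}."""
    for cond, methods, action in parse(text):
        holds = cond == "true" or (cond.startswith("is_") and cond[3:] in roles)
        if holds and auth_method in methods:
            return action
    return "reject"  # the scenario ignores this authentication method
```

Under this model a subscriber posting with plain ``smtp'' authentication is rejected by send.private_smime, and the true() rule of send.private_key returns do_it for any sender presenting md5 or smime, subscriber or not.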


7.4.4 distributing encrypted messages

This section describes the S/Sympa encryption features. The goal is to use S/MIME encryption when distributing to list subscribers if the message was received encrypted from its sender.

Why is S/Sympa concerned with the S/MIME encryption distribution process? Because encryption is done using the recipient's X509 certificate, whereas signing needs the sender's private key. So an encrypted message can be read by the recipient only if they own the private key associated with the certificate. Therefore the only way to encrypt a message for a list of recipients is to encrypt and send the message for each recipient. That is what S/Sympa does when distributing an encrypted message.

The S/Sympa encryption feature in the distribution process supposes that Sympa has received an encrypted message for some list. To be able to encrypt a message for a list, the sender must have access to an X509 certificate of the list. So the first thing to do is to install a certificate and a private key for the list. The process of managing and obtaining certificates is complex. The current version of S/Sympa assumes that the list certificate and private key are installed by the listmaster. It is a good idea to have a look at the OpenCA (http://www.openca.org) documentation and/or PKI providers' web documentation. You can use commercial certificates or self-made ones. Of course, the certificate must be approved for email applications and issued by one of the trusted CAs described in the -CAfile file or -CApath OpenSSL option.

The list private key must be installed in a file named ~sympa/expl/mylist/private_key. All the list private keys must be encrypted using a single password defined by the parameter password in sympa.conf.

7.4.4.1 Use of Netscape navigator to get X509 list certificate

In many cases e-mail X509 certificates are distributed via a web server and loaded into the browser using your mouse :) Netscape allows you to export a certificate to a file. So one way to get a list certificate is to obtain an e-mail certificate for the list's canonical address in your browser, then export it and install it for Sympa:

  1. browse the net and load a certificate for the list address from some PKI provider (your own OpenCA PKI server, thawte, verisign, ...). Be careful: the certificate email must be exactly the canonical address of your list, otherwise the signature will be incorrect (the sender email will not match the signer email).
  2. in the security menu, select the intended certificate and export it. Netscape will prompt you for a password and a filename to encrypt the output file. The format used by Netscape is ``pkcs#12''. Copy this file into the list home directory.
  3. convert the pkcs#12 file into a pair of PEM files, cert.pem and private_key, using the sympa/bin/p12topem.pl script. Use p12topem.pl -help for details.
  4. be sure that cert.pem and private_key are owned by sympa with ``r'' access.


root 2000-12-14