Developers of Sympa

[Aumont <address@concealed>]

> Jim Schaad wrote:
> 
> I really should have responded sooner, however here is my response now:
> 
> 1.  Sympa should have the ability to evaluate all certificates in the
> database at a fixed frequency to look for currently bad and nearly bad
> (on a time basis) certificates.
That's allready in the the TODO. We need first to introduce a kind of
crontab in Sympa in order to perform some periodical task such as
"send a remind to list subscribers every mounth".
"check for certificat expiration" and "update certificat revocation lists"
will be controled by it. 
> 
> 2.  A bad certificate should allow for 1) notification to the admin and
> 2) notification to the recipient.
> 
> 3.  Sympa should allow for messages to be queued until new certificates
> can arrive for individuals.
> 
Hum..., that may be very hard to manage. I think it's better to made crypted
messages accessibe via WWSympa archives. Of course, those messages must
be accessibe only for users using HTTPS with user certificate based
authentication. Currently, WWSympa can manage user authentication based on
HTTPS user certificat
for most opération (both user and owner features) but archives are not yet
already HTTPS because sympa will NEVER store crypted message in a UNcrypted
form on the disk. 

So WWSympa must be able to recognize S/MIME format in the archives, decrypt
and deliver it via a secure HTTP session.

-----------------------------------------------------------
Serge Aumont        Comité Réseaux des Universités
                     Campus Beaulieu 
                     35042 Rennes Cedex   +33 2 998 471 47