Imported Upstream version 1.3.1upstream

author: Kali Kaneko <kali@futeisha.org> 2014-08-18 12:52:50 -0500
committer: Kali Kaneko <kali@futeisha.org> 2014-08-18 12:52:50 -0500
commit: 4bd0fa843176a112c054929fbe6dd99f45d718a2 (patch)
tree: e5b886e9879c9931cfd1d460f14f7271948924d4 /docs/NOTES-isec-audit.org
parent: d1955bd267a132c24d9e64dde7a1cdb8bd9fe9c5 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/docs/NOTES-isec-audit.org b/docs/NOTES-isec-audit.org
new file mode 100644
index 0000000..f1d729d
--- /dev/null
+++ b/docs/NOTES-isec-audit.org
@@ -0,0 +1,21 @@
+-*- mode: org; -*-
+
+* python-gnupg
+
+** what should be done by 1 May 2013:
+- [ ] packaging for pypi
+- [ ] unittests
+- [ ] leap_mx and soledad should be using python-gnupg
+
+** what the isec folks might want to look at:
+*** options
+    are there any ways to coerce python-gnupg in strange/buggy ways though its
+    allowed options, or, in general, though the API it presents?
+*** daemons
+    if any of the daemons controlled by, or connected to, leap_mx or soledad
+    can be leveraged in any way to execute an a attack using python-gnupg.
+*** keyID collision / couchDB key database poisoning
+    is there a way to trick python-gnupg into using an incorrect key?
+*** identity leaks
+    is there a way to analyse the mailserver, leapmx, or soledad, to gain info
+    about which key is being used at a particular time?
author	Kali Kaneko <kali@futeisha.org>	2014-08-18 12:52:50 -0500
committer	Kali Kaneko <kali@futeisha.org>	2014-08-18 12:52:50 -0500
commit	4bd0fa843176a112c054929fbe6dd99f45d718a2 (patch)
tree	e5b886e9879c9931cfd1d460f14f7271948924d4 /docs/NOTES-isec-audit.org
parent	d1955bd267a132c24d9e64dde7a1cdb8bd9fe9c5 (diff)