diff options
Diffstat (limited to 'docs/NOTES-isec-audit.org')
-rw-r--r-- | docs/NOTES-isec-audit.org | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/docs/NOTES-isec-audit.org b/docs/NOTES-isec-audit.org new file mode 100644 index 0000000..f1d729d --- /dev/null +++ b/docs/NOTES-isec-audit.org @@ -0,0 +1,21 @@ +-*- mode: org; -*- + +* python-gnupg + +** what should be done by 1 May 2013: +- [ ] packaging for pypi +- [ ] unittests +- [ ] leap_mx and soledad should be using python-gnupg + +** what the isec folks might want to look at: +*** options + are there any ways to coerce python-gnupg in strange/buggy ways though its + allowed options, or, in general, though the API it presents? +*** daemons + if any of the daemons controlled by, or connected to, leap_mx or soledad + can be leveraged in any way to execute an a attack using python-gnupg. +*** keyID collision / couchDB key database poisoning + is there a way to trick python-gnupg into using an incorrect key? +*** identity leaks + is there a way to analyse the mailserver, leapmx, or soledad, to gain info + about which key is being used at a particular time? |