Diffstat (limited to 'docs/NOTES-isec-audit.org')
-rw-r--r-- docs/NOTES-isec-audit.org 21
1 files changed, 21 insertions, 0 deletions
diff --git a/docs/NOTES-isec-audit.org b/docs/NOTES-isec-audit.org
new file mode 100644
index 0000000..f1d729d
--- /dev/null
+++ b/docs/NOTES-isec-audit.org
@@ -0,0 +1,21 @@
+-*- mode: org; -*-
+
+* python-gnupg
+
+** what should be done by 1 May 2013:
+- [ ] packaging for pypi
+- [ ] unittests
+- [ ] leap_mx and soledad should be using python-gnupg
+
+** what the isec folks might want to look at:
+*** options
+ are there any ways to coerce python-gnupg in strange/buggy ways though its
+ allowed options, or, in general, though the API it presents?
+*** daemons
+ if any of the daemons controlled by, or connected to, leap_mx or soledad
+ can be leveraged in any way to execute an a attack using python-gnupg.
+*** keyID collision / couchDB key database poisoning
+ is there a way to trick python-gnupg into using an incorrect key?
+*** identity leaks
+ is there a way to analyse the mailserver, leapmx, or soledad, to gain info
+ about which key is being used at a particular time?
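Review bot: Under "what the isec folks might want to look at", the "options" entry writes "though" twice where "through" is meant, and the "daemons" entry contains "execute an a attack" and is a dangling "if ..." clause rather than a question like the other three entries; suggest rewording it as a question, for example "can any of the daemons controlled by, or connected to, leap_mx or soledad be leveraged to execute an attack using python-gnupg?". The "keyID collision / couchDB key database poisoning" entry would be easier for auditors to scope if it said which identifier callers use to select a key (short key ID, long key ID or full fingerprint) and where the couchDB key database is written from, since the notes give neither. In "identity leaks", "leapmx" is spelled differently from "leap_mx" used elsewhere in the file; use one form throughout.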