From: Jonathan Lane <tidux@sdf•org>
Subject: Re: nncp-sudo
Date: Wed, 25 Aug 2021 19:24:48 +0000

I think for SDF the ideal NNCP workflow would be as close to email-like
as possible, which is where needing multiple keys comes in.  For private
email, your GPG keys live in your homedir, and if someone sends you an
encrypted email, only you (or root) can read the raw data from your
spool, and only you (or root su'd to you with your key resident in
memory) can decrypt it.  All delivery goes through the single daemon on
the machine for both user-to-user and Internet-transiting.

The best way to do that from a sysadmin's perspective would be software
that defines key -locations- on the filesystem, relative to ~$USER, and
leaves key management itself up to the user, like PGP.  So for example
in NNCP's configuration it could be something like this:

    "userKeyLocation": ".config/nncpgo/keys/"

which would read the file $HOME/.config/nncpgo/keys/private when a user
runs nncp-toss to decrypt delivered packets, and read the file
$HOME/.config/nncpgo/keys/public when encrypting outbound traffic.

This gets a little tricky with NNCP as an IMAP4/SMTP-Submission
replacement since you still need the daemon to talk to Postfix or
whatever, as well as interact with the user's regular mail spools, but
in that case I think SDF would set up NNCP as a system service like UUCP
where everyone interested runs their own node on their laptop or
whatever and uses Syncthing (installed on the MetaArray) for bridging
air gaps, and on SDF's end it's used as a mail gateway and for copying
SDF Public Access UNIX System -
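
Added example, not part of the original message and not NNCP's own code: a Go sketch of how a tool could resolve the `userKeyLocation` value proposed above against a user's home directory and refuse a private key that other accounts can read. The function names are hypothetical, and the mode check assumes POSIX file permissions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ResolveUserKey (hypothetical helper) maps the proposed userKeyLocation, relative to the
// user's home, to the "private" or "public" file; absolute or ".." locations are rejected.
func ResolveUserKey(home, location, name string) (string, error) {
	if name != "private" && name != "public" {
		return "", errors.New("unknown key file: " + name)
	}
	if filepath.IsAbs(location) {
		return "", errors.New("userKeyLocation must be relative to the home directory")
	}
	full := filepath.Join(home, location, name)
	rel, err := filepath.Rel(home, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("userKeyLocation escapes the home directory")
	}
	return full, nil
}

// CheckPrivateKey (hypothetical): require a regular, non-symlink file with no group/other bits.
func CheckPrivateKey(path string) error {
	fi, err := os.Lstat(path)
	if err != nil {
		return err
	}
	if !fi.Mode().IsRegular() {
		return errors.New("private key is not a regular file")
	}
	if fi.Mode().Perm()&0o077 != 0 {
		return fmt.Errorf("private key mode %04o is accessible to group/other", fi.Mode().Perm())
	}
	return nil
}

func main() {
	p, err := ResolveUserKey(os.Getenv("HOME"), ".config/nncpgo/keys/", "private")
	if err == nil {
		err = CheckPrivateKey(p)
	}
	fmt.Println(p, err)
}
```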
