DebianParl used by Greens/EFA

Pilot project about trusted email.

Project

Project is deployed by the Greens/EFA coalition at the European Parliament, in collaboration with DG-ITEC (institutional sysadmins) and DebianParl developers.

10 parliamentary workers - politically elected and staffers - are equipped with a laptop running the email profile of DebianParl, and guided in using its security features to establish trusted communication.

Challenges

Internet

No internet connection is ordinarily available for user-trusted computers.

DG-ITEC in principle supports Linux, but completetly lack procedures to do so (even for the Ubuntu systems they support themselves).

DG-ITEC offers these types of network acess:

Ideal would be that DG-ITEC turns on EP-EXT wifi with no access control (and treats it equal to alien networks as anti-spoofing measure).

Workarounds:

  1. Participants use EP-guest, with certificate issued ordinarily by DG-ITEC.
  2. Participants use EP-PRIVATE, with certificate issued exceptionally by DG-ITEC.
  3. Participants use non-parliamentary internet providers (e.g. via cellphone or nearby cafe).

Email

Parliamentary email account is unusable for trusted email.

DG-ITEC considers it a security risk to offer open email standards accessible from outside the European Parliament.

DG-ITEC offers personal email for parliamentary workers:

Ideal would be that DG-ITEC enables open standard IMAP and SMTP protocols ordinarily (and requires open standard TLS protocol for security).

Workarounds:

  1. Participants use parliamentary address, via SMTP and IMAP exceptionally enabled by DG-ITEC.
  2. Participants use non-parliamentary address.

Mailinglists

Parliamentary email acount is unusable with ordinary mailinglists.

DG-ITEC treats ordinary mailinglists as spoofing: Drops mails originating from their domain and redistributed back to same domain.

Ideal would be that DG-ITEC would respect envelope sender (i.e disregard "From:" in email itself) as documented in RFC 5321 section 3.9.

Workarounds:

  1. Participants use non-parliamentary address.
  2. Participants use non-standard mailinglist, exceptionally designed to cheat Parliamentary postal system.

Timeline

Pending

DebianParl (now):

Greens/EFA (now):

DG-ITEC (now):