DebianParl used by Greens/EFA

Pilot project about trusted email.

Project

Project is deployed by the Greens/EFA coalition at the European Parliament, in collaboration with DG-ITEC (institutional sysadmins) and DebianParl developers.

10 parliamentary workers - politically elected and staffers - are equipped with a laptop running the email profile of DebianParl, and guided in using its security features to establish trusted communication.

Challenges

Internet

No internet connection is offered at all for user-trusted computers.

DG-ITEC standard procedures exclude Linux (even the Ubuntu systems they support themselves), and the proposed extraordinary procedures involve applying secret tasks while in DG-ITEC possession.

DG-ITEC offers these types of network access:

Ideal would be that DG-ITEC drops access control on EP-GUEST (and treats it equal to alien networks as an anti-spoofing measure).

Workarounds:

  1. Participants use EP-GUEST, with certificate exceptionally passed as a plain file to the user by DG-ITEC.
  2. Participants use non-parliamentary internet providers (e.g. via cellphone or nearby cafe).

Email

Parliamentary email account is unusable for trusted email.

DG-ITEC considers it a security risk to offer open email standards accessible from outside the European Parliament.

DG-ITEC offers personal email for parliamentary workers:

Ideal would be that DG-ITEC enables open standard IMAP and SMTP protocols ordinarily (and requires open standard TLS protocol for security).

Workarounds:

  1. Participants use parliamentary address, via SMTP and IMAP exceptionally enabled by DG-ITEC.
  2. Participants use non-parliamentary address.

Mailing lists

Parliamentary email account is unusable with ordinary mailing lists.

DG-ITEC treats ordinary mailing lists as spoofing: it drops mail originating from their domain and redistributed back to the same domain.

Ideal would be that DG-ITEC respects the envelope sender (i.e. disregards "From:" in the email itself) as documented in RFC 5321 section 3.9.

Workarounds:

  1. DG-ITEC exceptionally exempts email addresses of pilots from their strong anti-spoofing filter.
  2. Participants use non-parliamentary address.
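
The difference between the filtering described above and the envelope-sender check proposed as the ideal, as an added example (not DG-ITEC's or DebianParl's code). The domain parl.example, the list host and all messages are constructed placeholders, and both policy functions are simplified models assumed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

LOCAL = "parl.example"  # placeholder for the institution's mail domain (assumption)


def dom(addr):
    """Return the lower-cased domain part of an address ('' if none)."""
    return addr.rpartition("@")[2].lower()


def header_policy(mail_from, raw):
    """Model of the described behaviour: external mail whose From: header
    claims the local domain is treated as spoofed and dropped."""
    hdr_from = parseaddr(message_from_string(raw).get("From", ""))[1]
    return "drop" if dom(hdr_from) == LOCAL else "accept"


def envelope_policy(mail_from, raw):
    """Model of the proposed ideal: judge only the SMTP envelope sender
    (MAIL FROM). The From: header is never consulted."""
    return "drop" if dom(mail_from) == LOCAL else "accept"


# Constructed inbound transactions arriving from outside: (MAIL FROM, message)
SAMPLES = {
    # A list redistributing a member's post sets its own envelope sender
    # (RFC 5321 section 3.9) and leaves the author's From: untouched.
    "list_post": ("pilot-bounces@lists.example.org",
                  "From: Alice <alice@parl.example>\n"
                  "List-Id: <pilot.lists.example.org>\nSubject: notes\n\nhi\n"),
    "outside_mail": ("carol@ngo.example",
                     "From: Carol <carol@ngo.example>\nSubject: hello\n\nhi\n"),
    # External connection claiming a local envelope sender.
    "local_envelope": ("bob@parl.example",
                       "From: Bob <bob@parl.example>\nSubject: urgent\n\nhi\n"),
}


def evaluate():
    """Return {sample: (header_policy verdict, envelope_policy verdict)}."""
    return {name: (header_policy(mf, raw), envelope_policy(mf, raw))
            for name, (mf, raw) in SAMPLES.items()}


if __name__ == "__main__":
    for name, (hdr, env) in evaluate().items():
        print(f"{name:15} header-based={hdr:7} envelope-based={env}")
```

Only the redistributed list post is judged differently by the two policies; the other two samples get the same verdict from both.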

Timeline

Pending

DebianParl (now):

Greens/EFA pilots with laptop (now):

Greens/EFA pilots lacking laptop (now):

Greens/EFA pilots not subscribed to mailinglist (now):

DG-ITEC (now):

Curiosa

https://xkcd.com/1181/