SELS

About NCSA Projects User Info News

University of Illinois
at Urbana-Champaign

sels

SourceForge.net Logo

Download SELS brochure

SELS Brochure

Frequently Asked Questions (FAQ)

General
  1. What is SELS ?
  2. Does SELS have a user mailing list, where I can post questions?
  3. Where do I install GnuPG from?
List Subscriber
  1. I cannot understand your instructions on how to import keys for the list. Is there a step by step guide I can refer to ?
  2. Why should I place "full trust" in the LM's public key?
  3. Are encrypted attachments supported in SELS ?
  4. I sent a message to the list. It has not been delivered to list members, why ?
  5. I use PGP desktop as my key manager. I cannot import the revocation certificate for the old List key ?
List Moderator
  1. During List Key generation, when I import the List Server (LS) public key to my keyring , I get weird errors such as: "missing self signature" and "time warp problems". What should I do to get rid of these ?
  2. Where do I install Python and Java from ?
  3. I am upgrading to a new version of SELS. Can I use my old lists and keys associated with the list?
List Server
  1. Why is the List Server (LS) code run from /usr/local and not user space ?
  2. Where do I install Mailman From ?
  3. Where do I install Apache Webserver from ?
  4. How do I set up sendmail ?

General

  1. What is SELS ?

    Answer: SELS or Secure Email List Services is an open source software open source software for creating and developing secure email list services among user communities. SELS uses Mailman as the Email List Manager. SELS has three entities, List Server, List Moderator and List Subscriber.

  2. Does SELS have a user mailing list, where I can post questions?

    Answer: Yes, You can subscribe to the sels-users mailing list by sending an email to majordomo@ncsa.uiuc.edu and putting "subscribe sels-users" in the message body. Once subscribed you can post a message to the mailing list at sels-users@ncsa.uiuc.edu.

  3. Where do I install GnuPG from?

    Answer: Install GnuPG software from http://www.gnupg.org/


List Subscriber

  1. I cannot understand your instructions on how to import keys for the list. Is there a step by step guide I can refer to ?

    Answer: For a step by step guide using Thunderbird with Enigmail click here.

  2. Why should I place "full trust" in the LM's public key?

    Answer: SELS recommends setting the key trust to "full" for the LM's public key. Then signing the public key locally (i.e. with non exportable signature). This step makes the other keys signed by the LM (i.e., those in the "Accept" email message) automatically trusted when they are imported. This is the most straightforward approach for novice GPG users.

    If you do not want to place "full" trust in a key then sign all the list keys individually. You can sign the keys locally to create "non exportable signatures".

    You should do a fingerprint verification of the key before trusting or signing it. To do so please contact the List Moderator by some out of band means, ex telephone.

  3. Are encrypted attachments supported in SELS?

    Answer: SELS supports attachments when they are encrypted together with the message body as a PGP MIME block. SELS does NOT support inline attachments encrypted individually at present.

  4. I sent a message to the list. It has not been delivered to list members, why ?

    Answer : The reason could be one of the following:

    • You did not encrypt with the right key. All messages should be encrypted with the "List key" (LK) for the list.
    • You sent an HTML message. SELS supports text/plain for inline GPG encryption and signing and PGP MIME for HTML messages and attachments. This setting is a general recommendation for users (Refer GnuPG FAQ) . HTML messsages in Thunderbird with Enigmail do not support inline encryption/signing and result in an error. Thunderbird with Enigmail also provides a warning ( Refer Enigmail warning) to the user as shown here:

      Tbirdwarn

    • The List Server is down. Please contact List Moderator or List Server Administrator.

  5. I use PGP desktop as my key manager. I cannot import the revocation certificate for the old List key ?
  6. Answer : PGP Desktop does not support GnuPG generated revocation certifcates. You will have to disable the old List Key manually.


List Moderator

  1. During List Key generation, when I import the List Server (LS) public key to my keyring , I get weird errors such as: "missing self signature" and "time warp problems". What should I do to get rid of these ?

    Answer: Synchronize the time between the List Server and the List Moderator machines using ntpdate.

    For example : /usr/sbin/ntpdate ntp.ncsa.uiuc.edu

  2. Where do I install Python and Java from ?

    Answer: Install Java from the Sun download page. Python can be installed from the Python website.

  3. I am upgrading to a new version of SELS. Can I use my old lists and keys associated with the list?

    Answer: You should be able to use your old list with the new version. You can use the old key pairs' too unless the new code has changed to affect them or there is a security issue. You will be notified in either case. Before upgrading to a new version make a backup of your list folder, for e.g. ~sels-0.3/LM/lists/<listname>. After upgrading to the new version copy the <listname> folder back to your new lists directory, for e.g. ~sels0.4/LM/lists/.


List Server

  1. Why is the List Server (LS) code run from /usr/local and not user space ?

    Answer: We support running the LS code from /usr/local as root because of permissions and ownership issues of Mailman. Typically mailman is installed in /usr/local. If you have a Mailman installation elsewhere for example : /home/user , then *technically* you can run the LS code from the same directory.

    Since all list keys and corresponding user keys are stored in ~mailman/lists/, it is recommended that Mailman and SELS LS code be installed in /usr/local.

  2. Where do I install Mailman From ?

    Answer: Mailman can be downloaded from here. Follow these installation instructions.

  3. Where do I install Apache Webserver from ?

    Answer: Apache can be downloaded from here. Apache is usually comes with a default Linux installation. Run "locate httpd" or "locate apache" or "locate apache2" as root to find out more.

  4. How do I set up sendmail ?

    Answer: Sendmail comes with a default Linux installation. Run "locate sendmail" as root to find out more. LS should be equipped with an SMTP server. To set one up follow the steps listed here.


Copyright 2000-2008 Board of Trustees of the University of Illinois.