Getting Started Using SYMPA

SYMPA is a mailing list manager developed by CRU that includes support for PKI. Client side certificates can be used to login to the mail list management web server. Signatures on S/MIME messages are used to allow posting to closed lists. Encrypted messages sent to the list manager are distributed by re-encrypting the contents for each list recipient.

A SYMPA installation is available for testing at Dartmouth College. Dartmouth community members can request that a list be created. Requests need to be approved by the SYMPA installation manager. Once a list is created, the owner of the list is able to set enrollment and posting policies. Potential list members can join a list by visiting the list manager web server. More information on SYMPA's features is found here.

Set up

To use the PKI features of SYMPA, individuals need to get a key and certificate. To use the signature and encryption features, an individual must send two messages to the list manager to register their keys. The process is detailed below.

1. Get a Dartmouth College issued personal certificate.
2. Log in to the list manager by connecting to https://lists.dartmouth.edu/wws/
   

   Select your personal certificate and provide your certificate store password.

3. To use signed messages with SYMPA, send a signed message to [list-name]@lists.dartmouth.edu so the list manager can get your signing public key. (For example there is a test list named "pki-test" which requires a S/MIME signature in order to sign up)
4. To use encrypted messages, first visit the home page of the Mailing list manager and click on the name of a list to which you are subscribed. From that list's administration page, click the "load certificate" button to obtain this list's PKI certificate. (you need the list's certificate before you can send it an encrypted message.)

   Send an encrypted message to [list-name]@lists.dartmouth.edu so the list manager can get your encryption public key which will be used to re-encrypt your message and distribute it to each list member.
   

Using a List

• To join a list click on it's name on the List Manager's home page. On the web page for a particular list, click on the "subscribe" button to join it.
• Once you are logged in your can manage your subscriptions and preferences. On your preferences page you can set a "display name" for yourself by filling in the "name" field in the "your environment" section. (The passwords section is not used when you are authenticating with your PKI certificate.)
• To create a list, click on the "Create a list button on the upper right of the list manager's web page.
• To post messages to the list, send email to [list-name]@lists.Dartmouth.EDU or use the "post" function on the mailing list web site.
• Click the "help" button for other usage information

Problems

Using Mozilla 1.1, sending encrypted message fails if the list manager has a 512 bit key. The error is "please check that you have a valid e-mail certificate for each recipient." However we had trouble loading a 1024 bit key for SYMPA to use.

Note: The list manager interface can also be accessed without PKI by making a non-SSL connection to the list manager interface and using your e-mail address and a password created when you are enrolled on a list.

Development System

A second copy of the SYMPA has been installed for application testing. Log in to the list manager by connecting to https://sympa.dartmouth.edu/wws/
(Note: this test installation is using a web server certificate issued to localhost@localdomain. Your web browser will warn you that the server certificate does match the address to which you requested a connection. To connect, agree to accept the certificate anyway.)