e-Commons Fund

In-memory Krill — Integrate kvx store in Krill RPKI daemon

Krill shows users which announcements are seen in BGP based on the resources on their certificate, and uses this information to give suggestions about ROA configurations. Krill stores its data in a simple key-value store. It initially used the file system for this purpose. The kvx library was envisioned as an abstract version of the store that can use different technologies as the backend. Initially, in addition to the file system, kvx provided an in-memory store which is already used by Krill for testing, and a store using the PostgreSQL database management system.

>> Read more about In-memory Krill

Mox API — Modern full-featured open source secure mail server

Email is one of the most ubiquitous communication tools of the last several decades, but has accumulated a complexity that makes it hard for people to join the network as a first class citizen. Most email server software is hard to set up, maintain, and improve, hence there is an opportunity for a new generation of email implementations.

Mox is a modern email server implementation that makes it easy for people and organizations to run their own mail server, allowing them to stay in control of their own email communication, and keeping email decentralized. All important protocols/mechanisms needed for a modern email setup have been implemented in mox, including: IMAP4, SMTP, SPF, DKIM, DMARC, MTA-STS, TLSRPT, automatic TLS with ACME and Let's Encrypt, IP/domain/bayesian spam filtering, internationalized email, account autoconfiguration. This project will bring an HTTP-based API for sending email, as well as a number of other worthwhile improvements ranging from sending email over SMTP, a better admin web interface and more documentation.

>> Read more about Mox API

OpaqueStore/Sphinx 2.0 — Store arbitrary sized secrets + IRTF/CFRG compliant SPHINX implementation

Most cryptography in current use on the internet depends on a single key held by a single actor, while threshold encryption allows for key material to be split up in multiple parts and kept by different actors - allowing to better hedge risks and create more resilient and more secure ways of working.

This project levers so called Oblivious Pseudo-random Functions (OPRFs) to deliver a number of unique building blocks for a more secure internet: OPAQUEstore, a server that can store arbitrary sized secrets using only a password for decrypting them. And new OPRF-powered implementations of SPHINX client and server which are compliant with the IRTF/CFRG specifications.

>> Read more about OpaqueStore/Sphinx 2.0

bzip2 in Rust — Memory safe implementation of bzip2 compression algorithm

The `bzip2` compression format is still used in many legacy settings. onsequently, it is part of the supply chain of many projects. To mitigate these risks, this project will deliver a memory-safe implementation of bzip2 through drop-in replacements of the libraries and a safe Rust `bzip2` binary.

>> Read more about bzip2 in Rust

FreeBSD sudo-rs — Port to FreeBSD and legacy compatibility

Sudo is a small but critical system tool allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. As such, it guard a critical privilege boundary on just about every free and open-source operating system that powers the Internet. sudo-rs is a drop-in replacement for sudo written in Rust. This project will port the tool to FreeBSD, and will address some known bugs and incompatibilities between sudo-rs and sudo.

>> Read more about FreeBSD sudo-rs