[ mailman-Patches-646989 ] NAH6 Secure List patch: GPG plugin
SourceForge.net
noreply at sourceforge.net
Fri Jun 20 20:23:40 EDT 2003
Patches item #646989, was opened at 2002-12-02 11:07
Message generated for change (Comment added) made by pcarr
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=646989&group_id=103
Category: list administration
Group: Mailman 2.2 / 3.0
Status: Open
Resolution: None
Priority: 6
Submitted By: Rop Gonggrijp (rop)
Assigned to: Thomas Wouters (twouters)
Summary: NAH6 Secure List patch: GPG plugin
Initial Comment:
"NAH6 Secure List" is a patch for Mailman 2.1b5 that
adds GPG functionality. It is built around a key-scheme
that allows an admin to create an encrypted list for
which even the server operator doesn't have access to
the messages.
Only the public key for the list is given to the server, so
it can perform 'emergency encryption' in case someone
forgets, and all users get the public and private key for
the list.
We think we've done a decent job of describing the new
functionality from server-operator, list-admin and list-
member points of view. There's also a technical
document for those familiar with the Mailman code.
Please have a look at:
http://www.nah6.com/products/secure-list/
and follow the links from there
We feel more people need this, and we'd really like it to
be part of the Mailman distribution at some point...
Kind Regards,
Rop Gonggrijp
Joshua Eichen
Please forgive mangling the Mailman logo on the site: if
y'all don't like it or think it's over the top we'll use
something else....
----------------------------------------------------------------------
Comment By: Pat Carr (pcarr)
Date: 2003-06-20 22:23
Message:
Logged In: YES
user_id=710070
The problem with the NAH approach is that every time a
member leaves the list, the administrator needs to generate
and distribute a new key, and every remaining member would
have to remove the old list key and replace it with the new
one. This could become a logistical nightmare, and makes it
more difficult to sell this capability to a group that has
people who are email savvy, but not necessarily pgp-savvy.
I prefer the approach in patch #645297, recognizing that the
task there is to maintain strict security of the server and
the secret keys of the lists.
----------------------------------------------------------------------
Comment By: Thomas Wouters (twouters)
Date: 2003-03-10 11:16
Message:
Logged In: YES
user_id=34209
I'm looking at this patch, but I'm a bit confused. Which is
the newer patch, v1.0 for Mailman 2.1 (uploaded last) or
v1.1 for Mailman 2.1b5 (which is linked to from the NAH6
secure-list page.)
Otherwise, the patch looks okay. There are some whitespace
issues, and the PGP specific options aren't properly
internationalized, but that can all be fixed. The patch
edits Defaults.py, but it should be Defaults.py.in (if you
want to apply to CVS before installation, anyway.) Oh, and a
'global' statement for DETAILS in the global namespace
really isn't necessary... Do you need someone to come over
and give a Python tutorial at NAH6 ? :-)
Assigning to myself so I don't forget it; if someone else
wants it, that's fine by me.
----------------------------------------------------------------------
Comment By: Barry A. Warsaw (bwarsaw)
Date: 2002-12-11 23:01
Message:
Logged In: YES
user_id=12800
The logo's fine (plus the original is free software).
I'm defering this until after MM2.1 because we're about
ready for the first release candidate.
----------------------------------------------------------------------
You can respond by visiting:
https://sourceforge.net/tracker/?func=detail&atid=300103&aid=646989&group_id=103
More information about the Mailman-coders
mailing list