[Mailman-Developers] Mailman and GPG.
Tue, 07 Nov 2000 02:13:39 -0500
> At 12:54 AM -0500 11/7/00, Omri Schwarz wrote:
> >Both your solution and mine do the same thing on the human
> >failings angle: they allow a mail server admin to set up a list
> >that does encryption for everyone, so that people learn that
> >some things are best not discussed in plaintext.
> no, it really doesn't, because the message is sent to the MLM in
> plaintext, so it has no security at all. If you depend on the MLM to
> do the encryption, you might as well not encrypt, bceause anyone
> sniffing packets will have the data no proble. what you're doing is
> setting up a sense of *false* security, but you're in fact leaving
> things wide open. It has to be encrypted leaving the client, or it's
> not secure.
Unless I misunderstood, in both cases
a program on the server decripts incoming mail and
then re-encrypts, but that in once case the Sendmail/Qmail
program does this while I want the MLM to do it.
Setting up an encription-required rule for a list
should be easy in either case.
> >GPG version chauvinism is a must for such a project.
> why? you want encryption endemic. Which implies abiliy to handle
> anyone's public key and do something reasonable with it, not just
> one. Otherwise, you're balkanized, and that defeats the purpose again.
> >In turn, that kills the MUAs. However,
> >I don't believe good GPG handling in the MUAs
> >is the necessary-and-sufficient part to bring this about.
> If the MUAs don't support encryption, then how will users decrypt
> something the MLM encrypted? And if the MUA does support encryption
> -- the MLM doens't have to.
MUAs that support encryption do exist.
Unfortunately, they cater mostly to Unix gurus.