On 06/28/2013 10:11 AM, Barry Warsaw wrote:
Another complication is that keys will probably be attached to users, but users have relationships with list across the entire Mailman installation. So if it were list owners that were responsible for key management, how does that cross list boundaries? What about lists on the same system but in different domains? Does the site admin have to delegate key management responsibilities to list owners? I can imagine some kind of attack involving a list owner who approves a member's key for one list, and then using that to attack other lists on the same system. Tricky business.
An OpenPGP certification of a key+userid just means that the certifier believes that the key belongs to the person who has that user ID (including the e-mail address). i think the best way to implement stephen's suggestion is that in order to be able to post to a signed-message-only list, a list member must have a key that has been certified by the list's administrator.
Note that this does *not* mean that a non-list-member whose key has been certified by the list's administrator can post. List membership and key certification are orthogonal attributes; Both should be needed (plus a valid signature on the message, of course!) before a message is passed on to such a list.
--dkg