On 27 Apr 2013, at 14:40, Richard Wackerbarth <rkw@dataplex.net> wrote:
I don't think that "we" have the expertise to create a "secure" system. At best, we can adopt good practices and provide an obscured traffic stream. I consider anything more to be beyond the scope of the MM project.
Also, what kind of secure list would have automated processing of message content as a requirement? If a message is GPG-encrypted, then every sender would require the public keys of every recipient, would they not? Which means that a PKI for the list holders is required. Currently outside of Mailman's scope, but if it exists, then presumably senders would be required to cryptographically sign every message. All the list needs to do is verify the signature before redistributing. THAT is going to be the main body processing requirement.
On Apr 27, 2013, at 8:22 AM, Stefan Schlott <stefan.schlott@ulm.ccc.de> wrote:
On 27.04.2013 06:45, Stephen J. Turnbull wrote:
- Your list has elevated security requirements. In this case, you can use gpg-agent to manage the secret key (and its passphrase).
I don't understand what threat you propose to address in this way. It's true that you can prevent the attacker from getting access to the key (using agent forwarding or a token, it need not be on the exposed host at all), but we're assuming he has access to the host and the Mailman process.
The gpg-agent approach protects you from all storage-related attacks:
- unencrypted backups
- physical access to the hard drive
- etc.
It does not protect from attackers who have access to the contents of the computer's RAM:
- raw memory access and scanning for the secret key (requires root)
- memory dump via DMA-enabled interfaces (FireWire, PC Card, ...)
- cold boot attacks
Stefan
-- Ian Eiloart Postmaster, University of Sussex +44 (0) 1273 87-3148